Monday, 24 September, 2018

Android security: Google details Pixel and Nexus vulnerabilities in December bulletin

Google releases December Security Bulletin for Android KRACK fix included
       By John Hoff Google releases December Security Bulletin for Android KRACK fix included By John Hoff
Theresa Hayes | 05 December, 2017, 20:09

December bulletin shows that a handful of issues have been resolved around several other categories like Kernel components, Broadcom components, MediaTek components, Qualcomm components, and NVIDIA components. Google notes that its hardware partners were notified of these issues at least a month ago "and may choose to incorporate them as part of their device updates".

Google's Android security bulletin for December is finally out, and it means that the now supported lineup of Pixel and Nexus phone should be getting new builds tomorrow.

When an attacker is within range of an affected Android device, the attacker can use the KRACK vulnerability to retrieve pertinent information that users assume to be safely encrypted.

The Android security bulletin is different from Pixel/Nexus bulletin as it talks about security patches done in Android patch level rather than just Google devices. "We encourage all customers to accept these updates to their devices", Google said. We will update you once the OTA arrives.

The biggest beneficiaries of Android 8.1 could be those on low-end devices though, as Google has also crafted the Android Oreo (Go edition).

Pretty recently, Google has also started putting out a separate patch for Nexus and Pixel devices - which concentrates on specific vulnerabilities and issues with those devices. The update comes with some security fixes. According to complaints posted to Reddit, users saw a quick drop in the battery life of their devices when they are connected to Wi-Fi. Ever since the Stagefright vulnerability was made public, the mothership has made it its own responsibility to put out a monthly patch for evolving Android security risks.