Google’s next patch will fix 37 vulnerabilities in Android.
Google published its new Android security bulletin on March 1, presenting the content of the next patch, which will be deployed to smartphones within a few weeks. Like the previous edition, the patch that will soon be made available to the public only deals with vulnerabilities deemed “serious” or “critical”. The bulletin lists 37 in all.
A fix for the last four versions of Android
If your phone runs a version of Android that dates from at least 2018, you should normally receive the patch shortly. Google still provides security support for the last four major generations of the mobile operating system, namely Android Oreo (version 8.1), released December 5, 2017, Pie (arrived August 6, 2018), 10 (September 3, 2019) and 11 (September 8, 2020).
According to Google’s assessment of the various vulnerabilities, the most serious of these issues is a critical security flaw in the System component, which could allow a remote attacker using a specially crafted transmission to execute malicious code. But to have the expected impact, it would need to have special privileges in the OS.
“The severity rating is based on the effect that exploitation of the vulnerability could have on an affected device, assuming platform and service mitigations are disabled for development purposes or if they are successfully bypassed,” Google qualifies, however. The company does not report ongoing exploitation of any of these flaws, which is a good sign.
Several other parts of Android are affected by the March patch, such as the Runtime environment, Wi-Fi, the multimedia framework, the OS kernel (which Google will look after more closely, via the Linux Foundation) and components from third parties, such as the American supplier Qualcomm. In practice that means Qualcomm above all, because it is the only one cited in this monthly edition.
The severity of a security flaw is calculated according to a scale, the CVSS score. This scale makes it possible to assess objectively how dangerous the flaw is by looking at the prerequisites and constraints for exploiting it, but also at the consequences it can have on the victim’s smartphone (or PC). It is not the same if the attack can be carried out remotely or if it requires physical access to the device, for example.
The arrival of the patch will be spread over a few weeks, depending on the manufacturer and the model of the smartphone.