Google today pushed out the November edition of its monthly Android security updates, giving carriers and device makers a fresh set of patches to install. Fingers cross the patches are rolled out to you ASAP.
The November bulletin contains fixes for three remote code execution flaws as well as a number of information disclosure and elevation of privilege vulnerabilities in various core components of Android.
Beyond the basic Google patch level (2018-11-01) release, that fixes bugs in the core components of Android, the bundle also address another 17 CVE-listed vulnerabilities in various Qualcomm components used in Android phones.
Though Google puts out the Android security patches each month, the job of actually getting the fixes to end users falls on the telcos and/or device manufacturers themselves. Those partners can, to put it mildly, vary in their ability to green light and release the patches in a timely fashion – one Reg staffer has a year-old device that hasn’t seen a proper security update since August of 2017 despite it running Android 7.0.
Submitted by: Arnfried Walbrecht