Android Security Issues, Patches & Latest Update: Latest Patch Fixes DRAMMER Vulnerability, Dirty Cow Not Yet Fully Addressed
Google has released another batch of security fixes for Android, which can fix a dozen critical vulnerabilities, some of which could let attacks that compromise devices happen. One of the many fixes is against a bit-flipping attack against memory chips that could lead to privilege escalation. However, still, a widespread rooting vulnerability in the Linux kernel is unpatched.
PC World reports that as Google makes firmware updates available for its Pixel and Nexus devices on the first Monday of each month, the security patches are shared with other manufacturers a month in advance. Later, these are contributed to the Android Open Source Project so that the entire Android system would benefit from it.
For this latest update, Google has split it into several security patch level so that it would be easier for manufacturers to deploy only fixes that apply to different devices like it has done in previous months. The latest 2016-11-01 patch level contains fixes for flaws in Android's components and addresses 16 high risk flaws, 10 medium risk ones and two critical vulnerabilities.
One of the attacks which the latest update wants to prevent is known as Drammer. It works as a physical attack against dynamic random access memory chips that would be exploited by applications so that they would gain root control on a device.
While this could make Android users and developers breathe a sigh of relief, some however think that something is missing as it appears that a vulnerability known as Dirty Cow has dodged the update. In Android's Official Security Blog, patches will be formally introduced that would deal with Dirty Cow for Android handset makers in its December Android Security Bulletin.
However, it is to be noted that beginning with this month's Android Security Bulletin, different categories for patches and fixes have been introduced and these include partial, complete and supplemental. Android says that these are meant to provide partners with the flexibility to fix vulnerabilities faster that are similar across all Android platforms.
In the latest bulletin, Dirty Cow was the only issue that has been covered with a supplemental security patch level. However, with an upcoming fix and with more urgent issues fixed by Google in the patch, there is really nothing much to be too worried about.