Google Removes Vulnerable Library from Android
Google this week released the November 2018 set of security patches for its Android platform, which address tens of Critical and High severity vulnerabilities in the operating system.
The addressed issues include remote code execution bugs, elevation of privilege flaws, and information disclosure vulnerabilities, along with a denial of service. Impacted components include Framework, Media framework, System, and Qualcomm components.
“The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google explains.
The Internet giant also announced that the Libxaac library has been marked as experimental and is no longer used in production Android builds. The reason for this is the discovery of multiple vulnerabilities in the library, and Google lists 18 CVEs impacting it.
As usual, the search company split the fixes into two parts. The first, the 2018-11-01 security patch level, addresses 17 flaws, including four rated Critical severity (all of which impact Media framework).
This security patch level fixes 7 elevation of privilege bugs (two rated Critical, four High severity, and one Medium), three remote code execution bugs (two Critical and one High severity), six information disclosure issues (all rated High severity) and one denial of service (Medium).
The 2018-11-05 security patch level, on the other hand, patches 19 issues, three of which were rated Critical.
Two of the bugs impact the Framework component, while the remaining 17 were addressed in Qualcomm components, including 14 issues in Qualcomm closed-source components (3 Critical and 11 High risk).
According to Google, it has no reports of active customer exploitation or abuse of these issues. The company also notes that exploitation of vulnerabilities is more difficult on newer versions of Android and encourages users to update as soon as possible.
In addition to these patches, Pixel and Nexus devices receive fixes for three additional vulnerabilities. These include an elevation of privilege in HTC components and two other bugs in Qualcomm components. All three are rated Medium severity.
“All Pixel devices running Android 9 will receive an Android 9 update as part of the November OTA. This quarterly release contains many functional updates and improvements to various parts of the Android platform and supported Pixel devices,” Google says.
A series of functional updates were also pushed to these devices, to improve performance for the use of picture-in-picture, Strongbox symmetric key generation requests, and stability for notifications.