Google this week released the November 2018 set of security patches for its Android platform, which address tens of Critical and High severity vulnerabilities in the operating system.

The addressed issues include remote code execution bugs, elevation of privilege flaws, and information disclosure vulnerabilities, along with a denial of service. Impacted components include Framework, Media framework, System, and Qualcomm components.

“The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google explains.

The Internet giant also announced that the Libxaac library has been marked as experimental and is no longer used in production of Android builds. The reason for this is the discovery of multiple vulnerabilities in the library, and Google lists 18 CVEs impacting it.

As usual, the search company split the fixes into two parts, with the 2018-11-01 security patch level, addressing 17 flaws, including four rated Critical severity (all of which impact Media framework).

This security patch level fixes 7 elevation of privilege bugs (two rated Critical, four High severity, and one Medium), three remote code execution bugs (two Critical and one High severity), six information disclosure issues (all rated High severity) and one denial of service (Medium).

The 2018-11-05 security patch level, on the other hand, patches 19 issues, three of which were rated Critical.

Two of the bugs impact the Framework component, while the remaining 17 were addressed in Qualcomm components, including 14 issues in Qualcomm closed-source components (3 Critical and 11 High risk).

Vag COM , TCS CDP , VAS5054A , GM Tech2 , Iprog+ Programmer , Orange 5 programmer , SBB3 PRO3 Key Programmer , wiTech MicroPod II , T300+ Key Programmer, Iprog, Scania VCI3, mercedes star diagnostic, Porsche Piwis, vocom 88890300, Renault CAN Clip, SBB Key Programmer, NEXIQ USB Link

According to Google, it has no reports of active customer exploitation or abuse of these issues. The company also notes that exploitation of vulnerabilities is more difficult on newer versions of Android and encourages users to update as soon as possible.

In addition to these patches, Pixel and Nexus devices receive fixes for three additional vulnerabilities. These include an elevation of privilege in HTC components and two other bugs in Qualcomm components. All three are rated Medium severity.

“All Pixel devices running Android 9 will receive an Android 9 update as part of the November OTA. This quarterly release contains many functional updates and improvements to various parts of the Android platform and supported Pixel devices,” Google says.

A series of functional updates were also pushed to these devices, to improve performance for the use of picture-in-picture, Strongbox symmetric key generation requests, and stability for notifications.

谷歌将一些弱小的库从安卓代码移除Google Removes Vulnerable Library from Android的更多相关文章

  1. repo+manifests+git方式管理安卓代码

    repo+manifests+git方式管理安卓代码 1.repo的获取 repo只是google用Python脚本写的调用git的一个脚本,主要是用来下载.管理Android项目的软件仓库.(也就是 ...

  2. 工作不久的安卓开发者,他们是这样规划自己的Android学习路线

    Android开发工作者工作不久的时候,会有一段迷茫期,觉得自己应该再学一点,却不知道从何学起,该怎样规划自己的学习路线呢?今天,我给大家梳理一下Android基础,就像建造房屋一样,要建造一座宏伟的 ...

  3. Google Colab——用谷歌免费GPU跑你的深度学习代码

    Google Colab简介 Google Colaboratory是谷歌开放的一款研究工具,主要用于机器学习的开发和研究.这款工具现在可以免费使用,但是不是永久免费暂时还不确定.Google Col ...

  4. 谷歌正式发布Google APIs Client Library for .NET

    好消息,特大好消息! 英文原文:Google API library for .NET paves the way for Google services on Windows phone 本月 17 ...

  5. Linux下c函数dlopen实现加载动态库so文件代码举例

    dlopen()是一个强大的库函数.该函数将打开一个新库,并把它装入内存.该函数主要用来加载库中的符号,这些符号在编译的时候是不知道的.这种机制使得在系统中添加或者删除一个模块时,都不需要重新编译了. ...

  6. C/C++ 开源库及示例代码

    C/C++ 开源库及示例代码 Table of Contents 说明 1 综合性的库 2 数据结构 & 算法 2.1 容器 2.1.1 标准容器 2.1.2 Lockfree 的容器 2.1 ...

  7. 利用Python中的mock库对Python代码进行模拟测试

    这篇文章主要介绍了利用Python中的mock库对Python代码进行模拟测试,mock库自从Python3.3依赖成为了Python的内置库,本文也等于介绍了该库的用法,需要的朋友可以参考下     ...

  8. 密钥库文件格式[keystore]代码

    密钥库文件格式[keystore]代码 格式    :     JKS 扩展名  :      .jks/.ks 描述    :     [Java Keystore]密钥库的Java实现版本,pro ...

  9. 解决安卓SDK更新dl-ssl.google.com无法连接的方法

    Q:解决安卓SDK更新dl-ssl.google.com无法连接的方法: A1.修改C:\windows\system32\dirvers\etc\hosts文件,将其复制到其他地方修改后替换回原来的 ...

随机推荐

  1. (一)Knockout 计算属性

    1 Computed 首先,创建一个view model如下: <body> <p>The fullname is: <span data-bind="text ...

  2. js隐藏元素、jquery隐藏、css隐藏

    $("#yh").css("display","none");//隐藏元素 $("#yh").css("dis ...

  3. Spring Boot 项目实战(五)集成 Dubbo

    一.前言 上篇介绍了 Redis 的集成过程,可用于解决热点数据访问的性能问题.随着业务复杂度的提高,单体应用越来越庞大,就好比一个类的代码行数越来越多,分而治之,切成多个类应该是更好的解决方法,所以 ...

  4. 【java】-- java并发包总结

    1.同步容器类 1.1.Vector与ArrayList异同 1.Arraylist和Vector都是采用数组方式存储数据,都允许直接序号索引元素,所以查找速度快,但是插入数据等操作涉及到数组元素移动 ...

  5. ef core的外键约束笔记

    ef core设置可选外键,有如下几种方式:1.在依赖实体AAA中,并不显式设置外键属性XXXId 2.手动设置外键属性XXXId为可空类型(int?等类型) 3.在实体类与数据表进行映射时,配置狭隘 ...

  6. vscode断点调试工程化客户端文件

    一.调试webpack配置文件 launch.json的配置如下,在webpack.dev.config.js文件中设置断点,开始调试. { "version": "0. ...

  7. Java 标记接口

    没有声明或定义方法的接口称为标记接口(Mark Interface).某个类实现该接口时不需要重写方法,表明具有接口标记的功能.Java中常用的3个标记接口如下: 1 Serializable jav ...

  8. lstm bptt推导

    深蓝 nlp 180429这个有详细的讲解

  9. 查找已连接过的wifi密码

    无意之间看到能破解已连接过的wifi密码的诀窍,赶紧存储下来. 1. 首先打开终端 2. 在没有网路的情况下输入: netsh wlan show profiles 结果如下(自己的): 这些‘用户配 ...

  10. TextInputLayout 用法

    <?xml version="1.0" encoding="utf-8"?> <LinearLayout xmlns:android=&quo ...