Google this week released the November 2018 set of security patches for its Android platform, which address tens of Critical and High severity vulnerabilities in the operating system.

The addressed issues include remote code execution bugs, elevation of privilege flaws, and information disclosure vulnerabilities, along with a denial of service. Impacted components include Framework, Media framework, System, and Qualcomm components.

“The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google explains.

The Internet giant also announced that the Libxaac library has been marked as experimental and is no longer used in production of Android builds. The reason for this is the discovery of multiple vulnerabilities in the library, and Google lists 18 CVEs impacting it.

As usual, the search company split the fixes into two parts, with the 2018-11-01 security patch level, addressing 17 flaws, including four rated Critical severity (all of which impact Media framework).

This security patch level fixes 7 elevation of privilege bugs (two rated Critical, four High severity, and one Medium), three remote code execution bugs (two Critical and one High severity), six information disclosure issues (all rated High severity) and one denial of service (Medium).

The 2018-11-05 security patch level, on the other hand, patches 19 issues, three of which were rated Critical.

Two of the bugs impact the Framework component, while the remaining 17 were addressed in Qualcomm components, including 14 issues in Qualcomm closed-source components (3 Critical and 11 High risk).

Vag COM , TCS CDP , VAS5054A , GM Tech2 , Iprog+ Programmer , Orange 5 programmer , SBB3 PRO3 Key Programmer , wiTech MicroPod II , T300+ Key Programmer, Iprog, Scania VCI3, mercedes star diagnostic, Porsche Piwis, vocom 88890300, Renault CAN Clip, SBB Key Programmer, NEXIQ USB Link

According to Google, it has no reports of active customer exploitation or abuse of these issues. The company also notes that exploitation of vulnerabilities is more difficult on newer versions of Android and encourages users to update as soon as possible.

In addition to these patches, Pixel and Nexus devices receive fixes for three additional vulnerabilities. These include an elevation of privilege in HTC components and two other bugs in Qualcomm components. All three are rated Medium severity.

“All Pixel devices running Android 9 will receive an Android 9 update as part of the November OTA. This quarterly release contains many functional updates and improvements to various parts of the Android platform and supported Pixel devices,” Google says.

A series of functional updates were also pushed to these devices, to improve performance for the use of picture-in-picture, Strongbox symmetric key generation requests, and stability for notifications.

谷歌将一些弱小的库从安卓代码移除Google Removes Vulnerable Library from Android的更多相关文章

  1. repo+manifests+git方式管理安卓代码

    repo+manifests+git方式管理安卓代码 1.repo的获取 repo只是google用Python脚本写的调用git的一个脚本,主要是用来下载.管理Android项目的软件仓库.(也就是 ...

  2. 工作不久的安卓开发者,他们是这样规划自己的Android学习路线

    Android开发工作者工作不久的时候,会有一段迷茫期,觉得自己应该再学一点,却不知道从何学起,该怎样规划自己的学习路线呢?今天,我给大家梳理一下Android基础,就像建造房屋一样,要建造一座宏伟的 ...

  3. Google Colab——用谷歌免费GPU跑你的深度学习代码

    Google Colab简介 Google Colaboratory是谷歌开放的一款研究工具,主要用于机器学习的开发和研究.这款工具现在可以免费使用,但是不是永久免费暂时还不确定.Google Col ...

  4. 谷歌正式发布Google APIs Client Library for .NET

    好消息,特大好消息! 英文原文:Google API library for .NET paves the way for Google services on Windows phone 本月 17 ...

  5. Linux下c函数dlopen实现加载动态库so文件代码举例

    dlopen()是一个强大的库函数.该函数将打开一个新库,并把它装入内存.该函数主要用来加载库中的符号,这些符号在编译的时候是不知道的.这种机制使得在系统中添加或者删除一个模块时,都不需要重新编译了. ...

  6. C/C++ 开源库及示例代码

    C/C++ 开源库及示例代码 Table of Contents 说明 1 综合性的库 2 数据结构 & 算法 2.1 容器 2.1.1 标准容器 2.1.2 Lockfree 的容器 2.1 ...

  7. 利用Python中的mock库对Python代码进行模拟测试

    这篇文章主要介绍了利用Python中的mock库对Python代码进行模拟测试,mock库自从Python3.3依赖成为了Python的内置库,本文也等于介绍了该库的用法,需要的朋友可以参考下     ...

  8. 密钥库文件格式[keystore]代码

    密钥库文件格式[keystore]代码 格式    :     JKS 扩展名  :      .jks/.ks 描述    :     [Java Keystore]密钥库的Java实现版本,pro ...

  9. 解决安卓SDK更新dl-ssl.google.com无法连接的方法

    Q:解决安卓SDK更新dl-ssl.google.com无法连接的方法: A1.修改C:\windows\system32\dirvers\etc\hosts文件,将其复制到其他地方修改后替换回原来的 ...

随机推荐

  1. type=file的inpu美化,自定义上传按钮样式

    <div class="div1"> <div class="div2">点击上传</div> <input type ...

  2. 别再用"while (!feof(file))"来逐行读取txt文件了!

    起因 执行一个C/C++程序出现segment fault.它逐行读取文本文件,每一行是一个图片名字,然后读图.处理图像,etc. 发现最后一次读取的文件名不存在(空的). 正确的逐行读取txt文件 ...

  3. Matlab将多项式的系数设为0

    符号运算时有些多项式的系数值接近于0,像这样 fun = 3.5753839759325595498222646101085e-49*x + 1.836709923159824231201150839 ...

  4. numpy的基础运算2-【老鱼学numpy】

    numpy的基础运算中还有很多运算,我们这里再记录一些. 最小/大值索引 前面一篇博文中我们讲述过如何获得数组中的最小值,这里我们获得最小/大值的索引值,也就是这个最小/大值在整个数组中位于第几位. ...

  5. 一起学爬虫——urllib库常用方法用法总结

    1.读取cookies import http.cookiejar as cj,urllib.request as request cookie = cj.CookieJar() handler = ...

  6. fillder---工具栏隐藏/显示

    显示隐藏工具栏方法:view---show toolbar

  7. Doctrine2-基础概念

    使用框架操作数据库的几个要求 1.安全,比如防止sql注入等,pdo里面prepare,execute 就可以 2.性能,数据库操作是最基本的操作,频繁使用,需要考虑到执行效率 3.ORM(objec ...

  8. HDU 3949 XOR [线性基|高斯消元]

    目录 题目链接 题解 代码 题目链接 HDU 3949 XOR 题解 hdu3949XOR 搞死消元找到一组线性无关组 消出对角矩阵后 对于k二进制拆分 对于每列只有有一个1的,显然可以用k的二进制数 ...

  9. [bzoj1051]Popular Cows

    刚刚被ysy在联考里虐了,差点爆tan(pi/4),只好来bzoj寻求安慰再被虐一次233 (tarjan是什么智障东西不想打我好弱啊,tarjan都不会打) Description 每一头牛的愿望就 ...

  10. vue_过渡_动画

    过渡效果 <style> .xxxx-enter-active,         // 显示过渡 .xxxx-leave-active {        // 隐藏过渡 transitio ...