Google is busy updating its Android OS with the third, and probably the largest, security patch update that the company will release this year. The March 2017 Android update offers fixes for around 105 security vulnerabilities.
This marks a sharp increase in the number of identified security flaws: the patch Google released for Android in March 2016 contained fixes for only 19 flaws, while this year’s patch will fix 105. Overall, Google has provided patches for 253 Android vulnerabilities; 90 of these were patched in January, 58 in February and 105 in March.
According to the official post on the Android blog, Google has rated 35 of the 105 vulnerabilities as highly critical in severity. As in previous updates, the media server component is believed to be the primary culprit behind many of these vulnerabilities.
It is worth noting that Google’s first-ever Android update, released in August 2015, pointed out the media server component, and the component has appeared in all of its security updates since then.
Out of the 35 critical flaws, 9 are remote code execution vulnerabilities identified in Google’s media server, and the same component is believed to harbor seven more high-impact denial of service flaws. Two of the 35 vulnerabilities have been labeled as having a moderate impact. Google has always made a point of patching media server-related vulnerabilities in all of its updates, but it hasn’t yet disclosed the potential risks that these flaws pose to users. According to Adrian Ludwig, Android security director at Google, there haven’t been any confirmed cases of exploitation of users resulting from the Stagefright media server flaws.
Around 35 of the flaws patched by Google in the March 2017 Android update are in Qualcomm drivers. These flaws include privilege escalation issues in components such as networking, Wi-Fi, bootloader, GPU drivers, fingerprint sensor, and camera. Six of these 35 Qualcomm driver flaws are rated as critical.
The update also includes a patch for the open-source OpenSSL cryptographic library, which Google forked as BoringSSL. In its security advisory, Google notified users that a remote code execution flaw in BoringSSL and OpenSSL could easily allow an attacker to cause memory corruption using a specially crafted file. This can occur during data and file processing.
To go through the complete list of vulnerabilities patched by Google, visit Android’s official blog post.