Google eliminates 7 vulnerabilities in latest Android patch
Google has begun rolling out its November security update for Nexus smartphones, eliminating seven vulnerabilities in Android — one of which was a “severe” issue that could allow remote code execution.
“The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files,” Google explains in its latest “Nexus Security Bulletin.”
The company insists that it has received no reports of “customer exploitation” through these vulnerabilities, which its hardware partners were notified about on October 5. Google vows to release the source code for its patches to the Android Open Source Project (AOSP) over the next 48 hours.
If you have a Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7, or Nexus 9, then you can download Google’s latest factory images for manual flashing now. The updates will also be rolling out over-the-air soon. Who knows when we’ll see them on third-party handsets.