For October, Google releases the Android security updates. They address a total of 41 vulnerabilities that ranges between high and critical severity.
Every fifth day of each successive month, Google releases a complete breakdown of the Android OS security patch. This also contains both framework and vendor fixes. Therefore, this update also includes the remedies for the ten bugs identified in the Security patch level earlier this month.
Denial of service, remote code execution, privilege elevation, and information disclosure issues are the high-severity flaws addressed and taken care of this month.
Android Security Update Identifies three critical severity flaws this month.
The first one found in the Android security upgrade is CVE-2020-11301 is a critical flaw that affects Qualcomm’s WLAN component. The concern is the acceptance of unencrypted frames on a secure network. CVE-2020-11264 is the second flaw, and it affects Qualcomm’s WLAN component that concerns the acceptance of non-EAPOL/WAPI frames from unauthorized gapes received in the IPA exception path. Lastly, CVE-2021-0870 is a remote code of execution flaw in the Android System, allowing a faraway threat actor to execute arbitrary code within the context of an entitled process.
Out of 41 reported flaws this month, not one of these is under active exploitation. Due to this matter, there should be zero known working exploits circulating in the current environment. The vulnerabilities that will be fixed this month which older devices will not address, might be prone to increase attacks from threat actors mainly because the current security updates do not support older devices.
Android version 8.1 to Android version 11 is the only concern of the fixes mentioned above. Therefore, Android security patches are not directly bound to all versions, which results in the OS version not determining if other versions will still be supported.
The recommended approach is to install a third-party Android distribution that delivers monthly security patches or replace it with a newer version. This process is applicable if you have confirmed that your devices have reached the EOL date.
The fans of Android eagerly wait for the release of the twelfth version that has a circulating rumour of deployment by the 4th of October. However, some sources say that the Android 12 is put on Android’s Open-Source Project instead of releasing it to the public.
Regardless of what is happening today, this is still a huge step that is significant to releasing the latest version. Finally, OTA upgrade alerts might hit eligible devices in the nearest future.