Here we will gather what has changed in the latest safety reports issued by Google. These reports translate what has been modified and sent in the updates your device receives.
February Security Update
Updated by Stella Dauer (8/2 s 16h)
Released February 4: In the security patch released by Google this month, fixes arrive for 42 system issues and vulnerabilities. These flaws reach Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9, with moderate to critical severity.
As always, holes are fixed that plug holes that could have been exploited by malware and intruders, and in addition to Google fixes, there are also those made by Qualcomm, which does not release everything it fixes. The most serious of these problems is a Critical Framework security vulnerability that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.
And if the last two security updates brought tweaks and fixes for the Pixel, that month nothing was added. The "About device" option is now at the root of Settings, and the update pauses if you are using the device.
Samsung said on its website that it has fixed 12 vulnerabilities, including misuse of memory and leaking words learned in S-Voice with the screen locked. LG has reported that it has released patches for the G6, G7, V30, V35, V40, Q6, Q8, CV1, CV3, CV5A, CV7A, LV7, LV9 and SF3 patches, making it clear that There are no more updates for the G5. Nokia and Motorola did not release information for February.
February Security Update
Released January 7: In the security patch released by Google on the first day of the month, fixes arrive for 27 system issues and vulnerabilities, a low number. These flaws reach Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1 and 9. The severity of the problems ranges from high to critical.
This update also makes the death of the Nexus line official, whose latest representatives, Nexus 5X and Nexus 6P, no longer receive updates. the end of an era. However, the least famous Pixel C has received its update, even though it's on Android Oreo. For the other Pixels, the update brings the solution of the "Check for Updates" button problem, which now works normally, and also improves the audio quality of video recordings on Pixel 3 and 3 XL.
As always, holes that fix holes that could have been exploited by malware and intruders, as well as Google fixes, have been fixed by Qualcomm and NVIDIA. The most serious of these problems is a critical system security vulnerability that could allow a remote attacker to use a specially crafted file to execute arbitrary code within the context of a privileged process.
Samsung said on its website that it has fixed 4 vulnerabilities, while LG has reported that it has released patches for the G6, G7, V30, V35, V40, Q6, Q8, CV1, CV3, CV5A, CV7A, LV7, LV9 and SF3 patches. two high severity problems, one of which is a vulnerability in GPS when emergency dialing is used.
December Security Update
Released December 3: December has arrived and there is news beyond the security fixes. For the Pixels, the schedule has stabilized and all j line devices have been updated.
For Pixels 3 and 3 XL, the security update comes along with stability fixes for the device, improving RAM management and bringing improvements to the camera, as well as compatibility with new software. Many of these updates have also come for Pixel 2 and 2 XL.
It is important to note that this was the last security fix sent to the Nexus line, covering the Nexus 5X and Nexus 6P models. From now on, only the Pixel line will be updated by Google, following the promise of three years of security updates.
The 54 bug fixes hit Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1 and 9 (note that there are corrections for version 6 and 9). The severity of the problems goes from high to critical, although Google has not received reports of problems reaching users.
The most serious of these problems is a critical security vulnerability in the media structure that could allow a remote attacker to use a specially crafted file to execute arbitrary code within the context of a privileged process.
But there are also fixes on bootloader, automotive multimedia, networking, Linus and others. Samsung has brought 40 items, in addition to those provided by Google, which addressed issues with Security Folder, Quick Tools, Dual Messenger, Clipboard, among others.
LG said it has fixed 3 flaws in addition to those provided by Google for the models G5, G6, V10, V20, V30, Q6, Q8, X300, X400, X500 and X cam. Nokia and Motorola have not released specific information for their devices. .
November Security Update
Released November 5: In November 36 problems were fixed. These flaws were with Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9 (note that there were corrections to version 6 and entered to version 9). The severity of the problems ranges from moderate to critical.
It is important to note that this was probably the last security patch sent to the Nexus line, covering the Nexus 5X and Nexus 6P models. From now on, only the Pixel line will be updated by Google, following the promise of three years of security updates.
The most serious problem fixed this month could allow a nearby attacker to use a specially crafted file to execute arbitrary code in the context of a privileged process. Other flaws allowed a local malicious application to execute arbitrary code within the context of a privileged process, or for a remote attacker to use a specially crafted file to execute arbitrary code in the context of a privileged process, or for a remote attacker to access normally accessible data only to locally installed applications with permissions.
Other issues fixed in November include components such as Bootloader, EcoSystem, DSP_Services, and Qualcomm components.
Samsung said on its website that it has fixed 8 vulnerabilities (in addition to Google's own), including malicious use of the emergency dialer and voice assistant, and notification and memory issues. Security issues with DeX have also been resolved. LG said it has released patches for the G5, G6, V10, V20, V30, Q6, Q8, X300, X400, X500 and X cam models, correcting issues sent by Google and also a Knock code issue. Nokia and Motorola have not released specific information for their phones.
What are Android security updates
These updates are running in another sector of Google, dedicated solely to mobile operating system security. Every day Google engineers and contributors around the world identify new system vulnerabilities. Sometimes these breaches are discovered by malicious people as well.
As a result, Android security updates cannot be released at the same speed as new versions of the system, or many smartphones would be exposed to problems for a long time. Thus, the cadence of these monthly updates. Security updates are independent of Android updates and flavors.
How Android Security Updates Work
As I said, engineers and everyday people identify security vulnerability in the system. As a matter of fact, Google's special area for it is starting to work almost immediately, and updates to Android.
As soon as they are ready for testing, they find out if with this update the vulnerability is neutralized and if it does not harm or break any other part of the system. Once it's done, Google warns partners (developers and manufacturers) about the update.
In newsletters, they describe the problem solved and the update itself, and manufacturers can now start testing on their line of handsets that are able to receive the update. There is no way to upgrade all existing handsets, as some are no longer supported by the manufacturer and others no longer accept the type of upgrade made.
When manufacturers and developers finish testing, security updates begin to be sent to devices and customers, and Google makes the same file available for Nexus and Pixel devices. These updates usually arrive via OTA, ie via Wi-Fi or data.
Finally, Google publicly publishes the update data for that month and makes the file available for the Android Open Source Project, where independent developers (such as those producing ROMs) can access everything.
Remember that the manufacturer releases the update with only the necessary fixes for your device, including the ones it identified and fixed among its developers.
Google should force manufacturers to distribute their monthly security updates.
You have already realized that the major factor for a security update to come to you is the goodwill of the manufacturers. If they do not make the effort to provide users with updates, their smartphones will remain vulnerable. Few manufacturers distribute updates to their devices every month. Some wait several months for this.
How to check your Android security update
This information is usually in your smartphone settings, next updates area, but we will show you where to access this information on devices from some manufacturers:
- Motorola: Go to Settings> System> System Updates
- Sony: v in Configure> System> About
- Asus: v in Configure> System> About
- LG: v in Settings> General> About Phone> Software Information
- Pixel: v in Settings> System> About Device> Android Version
Why is your smartphone not up to date with updates?
There are a number of reasons why your device does not have the latest security update. Here are some factors:
- You have not scheduled the automatic update. Just look for updates and get it done;
- The manufacturer or carrier has anticipated the update time for your device (manufacturers generally promise updates for up to one year longer than the limit set for system updates by Google, which is usually 18 months);
- Your Google Play Services is not up to date;
- Your fake smartphone;
- The manufacturer ignored its promise and simply did not want to upgrade its device anymore. It may have sold little, gone offline, or not be a priority for the company (as it happens).
How to help with security updates
The best thing you can do to help Google keep your smartphone safer is to charge manufacturers to keep their device up-to-date, and to avoid buying those that are too late in updates. In AndroidPIT we have shown where the device is at the date of the review.
Another item that helps allow Google and the manufacturer to collect anonymous data from your smartphone. You usually choose this when setting up a new device. You may also, when you come across an app that has closed, choose to submit a bug report to Google
. (tagsToTranslate) security update android (t) security update android (t) update january android (t) update august android (t) security update android (t) what is security update android (t) security update january