Google Patches Critical Android Flaws With October 2017 Updates

Google this week released its October 2017 Android patches, which address a total of 14 vulnerabilities in the mobile platform, including five rated Critical severity.

Split in two, the Android Security Bulletin—October 2017 resolves issues affecting various platform iterations, ranging from Android 4.4.4 to Android 8.0. The most severe of these could lead to arbitrary code execution or to applications being able to gain additional permissions without user interaction.

The first set of patches arrives on devices as part of the 2017-10-01 security patch level, meant to address a total of 8 vulnerabilities, including 3 Critical severity, 3 High risk, and 2 Medium severity.

With six vulnerabilities addressed, Media framework was the most impacted component. Three of these issues were rated Critical, all three leading to remote code execution. The other three were a High severity elevation of privilege bug and two Moderate risk information disclosure bugs.

Other impacted components included framework, where a High severity elevation of privilege issue was addressed, and System, where a High risk remote code execution bug was patched.

The vulnerability addressed in System is CVE-2017-14496, a bug related to the Dnsmasq network services software. The release of Dnsmasq 2.78 on Monday addressed this issue and several others, including remote code execution flaws.

Google addressed six vulnerabilities as part of the 2017-10-05 security patch level, two listed as Critical severity and four listed as High risk.

The Critical bugs, one remote code execution and one elevation of privilege, along with a High risk elevation of privilege issue, impacted Qualcomm components. Two of the remaining High risk issues impacted Kernel components, while the third impacted MediaTek components. All three were elevation of privilege bugs.

In addition to the Android Security Bulletin, Google published a separate security bulletin detailing vulnerabilities addressed in Nexus and Pixel devices. As part of this month’s fixes, Google resolved issues affecting framework, Media framework, System, and Broadcom, HTC, Huawei, Kernel, Motorola, and Qualcomm components.

Fixes for a total of 38 vulnerabilities were included in the Pixel/Nexus Security Bulletin—October 2017: four High risk, 32 Medium severity, and 2 Low risk. Most of the issues were elevation of privilege and information disclosure bugs.

Twenty-two of the vulnerabilities were addressed in Qualcomm components, most of which affected WLAN. Media framework was the second most impacted component, with six vulnerabilities addressed, including one affecting all Android versions from 4.4.4 to 8.0.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
