Amongst the fifty fixes recently issued by Google for its Pixel and Nexus devices, one rated ‘critical’ rectifies an encryption bug in Qualcomm closed-source components. Of the five other patches rated ‘high’, four deal with glitches that potentially allowed denial of service attacks and the fifth resolves an elevation of privilege vulnerability.
At the same time, Google’s Android Security Bulletin listed forty-seven vulnerability fixes – ten of them critical. One of several vulnerabilities in Media framework, potentially allowing a remote code execution attack on Android handsets, is considered the most threatening. The bulletin also includes four critical Qualcomm component vulnerabilities.
Google is encouraging all its users to apply the patches without delay, especially anyone who has disengaged automatic updates and now needs to check for and install them manually.