Google Fixes 74 Android Security Flaws with December Patches


December 7, 2016

Google rolled out two security patches for Android devices earlier this month that address a total of 74 vulnerabilities in the operating system, including 11 that are rated as critical.

Specifically, Google’s December 2016 security patching cycle included two different releases, each of which came with fixes that were aimed at both Google and other Android devices.

The so-called 2016-12-01 security patch level includes 5 different fixes aimed at vulnerabilities flagged as “high” severity and 6 others for moderate issues. The patches cover two different remote code execution flaws, with CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, and CVE-2016-6768, as well as two denial of service vulnerabilities, four elevation of privilege vulnerabilities, and two information disclosure holes.

It’s important to note that devices on Android 7.0 or later are not affected by these vulnerabilities if they are already running the latest updates. On the other hand, the rest of the Android versions on the market, starting with 4.4 and ending with 6.0.1, are all targeted by these updates.

Then, there’s the 2016-12-05 security patch level, which comes with a larger number of fixes. There are 58 patches included in this update, 11 of which are rated as critical, 33 as high, and 14 as medium severity risk.

Most of the vulnerabilities fixed with this update would allow for elevation of privilege, and Google says that both its own devices and other Android phones and tablets on the market were exposed. Once again, devices running any version of Android starting with 4.4.4 should install the patches as soon as possible.
