It’s the first week of the month of June, and as regular as the sun rises and sets, we have the monthly Android Security Bulletin for June 2018 now available. This has been happening on a monthly basis since the Stagefright vulnerability came out, and Google has been steadily patching vulnerabilities in Android month on month. This year, a new Nexus/Pixel-centric update came out as a separate patch for issues specific with Google’s handsets.
For the June 2018 security patch, Google is fixing high severity vulnerabilities in the framework, the severe of which “could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.”
As always, there are fixes in Android’s media framework, which is quite possibly the most unsecure element of the platform. Critical vulnerabilities in the media framework include “allowing a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.” Up until now, Android development teams are still securing the Android framework and Media framework, a process that begun with the Stagefright bug and feels like it won’t end anytime soon. There are also critical fixes for the Android system which could allow hackers to gain access using downloaded apps or files.
For the Nexus/Pixel-specific patch, check out the image below (from XDA) for all the fixes:
You can wait for the OTA updates to roll out if you have Pixel or Nexus phones – these should be coming pretty shortly. Or you could always do it the manual way – check out the source links below for the download and flash instructions.