Google is more serious in updating the mobile platform. It’s one way of ensuring Android is always up-to-date on most mobile devices. However, it will still always depend on OEMs or mobile carriers to implement the update on different devices. We always check what’s in the Android Security Bulletin because we’re curious how our phones can be made better. As usual, it presents the possible security vulnerabilities and delivers the most recent security patch levels, particularly 2018-12-05. You are free to check the AOSP and see if the patches are available.
The latest Android Security Bulletin tackles a Media framework security vulnerability. The source is unknown but this one can allow an attacker to execute an arbitrary code even when remote. It can be done within the context of a privileged process as described by the developers.
The vulnerability can be exploited and affect a particular device. Any severity assessment will be based on whatever effect is present. It’s a good thing though there are no reports yet of abuse or active customer exploitation so before anything happens, make sure your Android device is updated.
The Android platform security includes Google Play Protect. Get the latest patch levels for your own peace of mind. Whether we admit it or not, exploitations in Android can happen.
Note this is almost the same as the Pixel / Nexus Security Bulletin available. Pixel and Nexus devices, and even the Essential Phone, are up for some functional improvements with the arrival of the 2018-12-05 security patch levels.
December's software release is here. Check your Essential Phone for the update. pic.twitter.com/tTaeQZ0kzl
— Essential (@essential) December 3, 2018