Good news if you have an Android device as Google is finally rolling out the April security update. This new update will be patching a lot of the Android vulnerabilities that have been causing problems. We have all of the latest news about the April security update, so continue reading to learn more about this important patch.
April Security Update Rolling Out to Android Devices
The best part about this April security update is that only 15 of the vulnerabilities being patched are listed as a critical vulnerability. That means that the other 87 vulnerabilities are not that critical for your Android device, although it is still important to get those less critical patches out as well. When you break down some of the things being patched in this April update, one of the biggest is the mediaserver component.
The mediaserver component is something that has been fixed in every update for the past two years almost. There were 15 bugs in the mediaserver component this time, with six getting the critical status and five had the high status. There were only four components that had a moderate rating. The issue with the mediaserver is that there is a remote code execution vulnerability, and this is something that could end up enabling hackers to get into the device. There were six critical issues here due to the fact that there could be this remote code execution, which could lead to memory corruption.
As far as the mediaserver flaws are concerned, it was in July 2015 when these issues were first found. The first part of the mediaserver flaw was found when the Stagefright vulnerability was discovered, and then Google began patching the components to mediaserver regularly after that. The risk though has gone down on the mediaserver side of things, mostly due to Android Nougat helping limit the risk.
The issue with that is that a lot of people are still not upgraded to Android Nougat, so the risk is still there for most people. Both the newer Android versions and the older Android versions will keep getting the mediaserver patches in the updates for the foreseeable future.
Other April Security Update Notes for Android
In the April security update, we also see a patch for the Wi-Fi firmware from Broadcom, which is a critical vulnerability. There is remote code execution vulnerability in this as well, which could allow for a hacker to use codes arbitrarily to get into the device.
The researcher who found this flaw works with Project Zero, which is Google’s security research team. He reported this back in December. This researcher also found other flaws which were patched in the April security update which was privilege escalation flaws with the Broadcom driver.
There is also an HTC touchscreen flaw within the driver that is fixed in this April security update, which is considered to be a critical flaw as well. With this privilege escalation vulnerability, the driver could end up allowing for the execution of an arbitrary code, which could be within the kernel.
This is a critical flaw because it could cause the device to become permanently compromised, which then would require a reflash of the operating system. Beyond that, Qualcomm has 41 vulnerabilities that are getting fixed in this April security update, with 21 being critical and 12 being high-risk vulnerabilities.
If you have an Android device, you should be getting the new security update right now. Just like with all security updates, they tend to roll out in waves, so you might have to wait a few days for this new security update to hit your Android device.