Android 10, the latest version of Google’s mobile operating system, was released for Pixel devices on September 3. Now, the mobile OS is getting its first major update in the form of October security patch. The security update is rolling out to all Pixel phones and it includes fixes for vulnerabilities ranging from moderate to critical. The security update also includes usual set of bug fixes and full download and OTA links are live as well.
The October security patch resolves a total of 8 issues and is dated either 2019-10-01 or 2019-10-05. There is also a security patch dated 2019-10-06 that Google says addresses all the known issues. The vulnerabilities are categorized as ranging from moderate to critical. As with any Android security update, the update brings fixes for the severe vulnerability that affects the media framework. This could allow a remote attacker to execute arbitrary code through a crafted file on affected devices.
With Android 10, Google introduced Project Mainline which will expedite how updates are delivered to Android devices with Google Mobile Services. Google says the Android Security Bulletin identifies security issue and will remedy the same via Google Play system updates. The October security patch addresses vulnerabilities across framework, media framework, system, Google Play system updates. The patch dated 2019-10-05 brings patch for kernel components, Qualcomm components and closed source components.
The October security update also addresses a critical vulnerability discovered by Project Zero Team that affected Pixel and Pixel 2 devices. The vulnerability could give attackers full device control if a malicious app is installed. The dedicated bulletin for Google’s phones and tablets also lists three security fixes and eight functional updates.
In the Android Security & Privacy 2018 Year in Review, Google confirmed that “no critical security vulnerabilities affecting the Android platform were publicly disclosed without a security update or mitigation available for Android devices.” It also notes that there was an 84 percent year-over-year jump in security patches during fourth quarter of 2018 compared to the previous year. It has also enforced new guidelines mandating OEM partners to release security update at least once every three months.