The first Monday of every month has become synonymous with Google publishing a security update for the Android operating system based on internal and external reports from security researchers. October’s security patches have just been released. Nexus devices such as the Nexus Player should be getting the OTA update in the next few days.
The good news is that in terms of common security issues, there are no critical vulnerabilities listed in this month’s bulletin. There are a handful of issues reported specifically for some devices though. The majority of Nexus critical issues relate to the kernel, where applications can execute arbitrary kernel code due to some vulnerabilities. Most of these do not relate to the Nexus Player.
Some other security patches fixed include privilege escalation in the Framework Listener, Camera, or Telephony processes. A handful of lock screen issues were fixed. One consisted of the Lock Settings Service being able to clear a device pin from a malicious application. Another allowed a fingerprint to log in an incorrect user.
A handful of other fixes were to the MediaServer, which though recently redesigned, still seems to have some vulnerabilities.
With Google’s big press event, they may show off a number of new devices that connect to more devices. These devices must show that they’re secure enough to handle user’s private information. As Google’s platform evolves, so must it’s security. They’ll issue another security bulletin next month with more fixes not just for the latest version of Android (7.0) but for earlier versions where the vulnerability is significant enough.