September’s new security bulletin covers 39 vulnerabilities spotted in Android. All are corrected by a patch being deployed.
Google released the significant Android Security Bulletin on September 7th. This new edition includes no less than 39 vulnerabilities identified and corrected with the monthly patch which will be gradually offered to the public, depending on the version of the operating system that is used, but also on the update policy of smartphone manufacturers. .
An Android patch being deployed
These 39 breaches do not present the same level of criticality: only one presents a moderate risk. All others are considered serious (31 of them) or critical (7). The bulletin published by Google does not mention a possible computer attack which would currently exploit one or more of its flaws. If it did, Google would release a separate emergency fix.
Google tracks what is called the CVSS score to determine the severity of vulnerabilities. This score proposes a scale that analyzes the characteristics of vulnerability and the conditions for taking advantage of it. For example, do you need physical access to the terminal? Should we first wait for a specific action from the victim? Is a certain level of privilege on the system required? Etc.
In its bulletin, Google specifies that the patch is aimed at smartphones that have access to at least Android 8.1, a branch that was released at the end of 2017. The following versions are also supported: 9 (August 2018 ), 10 (September 2019) and 11 (September 2020). The next version of the OS, Android 12, is not directly affected (it will of course be patched), because it has not yet been launched.