Google has fixed 107 vulnerabilities during its monthly patch cycle for Android. In the worst case an attacker could exploit one of the vulnerabilities to take full control over an Android device. To do so the user had to open a malicious email, visit a malcious website or receive a malcious MMS.
The update is pretty large compared to Google’s usual patch cycles. Only in July last year the company fixed more vulnerabilities in its mobile operating system. Back then 108 vulnerabilities were fixed.
Today the company fixed 107 vulnerabilities of which 35 are marked as critical, and these are the ones that allow an attacker to take full control over an Android device.
The critical vulnerabilities were found in Mediaserver, OpenSSL, BoringSSL, recovery verifier and in drivers from MediaTek, Qualcomm, Nvidia and Broadcom.
Google rolled out the updates to Nexus and Pixel devices, when other Android manufacturers release updates for their devices is unknown.