Google has released Android updates that fix numerous vulnerabilities in the mobile operating system. One of the vulnerabilities is a critical leak in a Wi-Fi component. Google releases Android updates each month together with updates for its own Pixel and Nexus smartphones.
The Android security bulletin of May 2018 patches 23 vulnerabilities of which 2 are classified as critical. These two vulnerabilities are in the Nvidia Trusted Execution Environment (TEE) and in a Qualcomm Wi-Fi component. In case of the Wi-Fi leak, an attacker can remotely execute code in the context of a privileged process. Besides that, Google patched several vulnerabilities that allowed a malicious app to get additional permissions and gain access to data of other apps, without any user interaction.
Google fixed 34 vulnerabilities in its Pixel and Nexus smartphones of which none are classified as critical.
Google has 2 patch levels of which the date indicates which patch level an Android is on. Devices that received updates in May will have ‘2018-05-01’ or ‘2018-05-05’ as patch level. Android device manufacturers that would like their device to be on this patch level have to add all updates of the Android security bulletin of May to their own updates, and roll it out to their users.
Manufacturers of Android devices and other Android partner were notified about the patched vulnerabilities at least a month ago and could have developed an update for the issue during that time, according to Google. That doesn’t mean all Android device will receive the updates, some devices are no longer supported by the manufacturer or the manufacturer releases updates later this year.