Google issues patches for Nexus/Pixel phones

December 5, 2017

Google's December Nexus/Pixel security release contained 48 issues, but with only one vulnerability being rated critical and five high, but three could result in a denial of service (DoS) situation if exploited.

Google separates its vulnerabilities by the phone component that they affect. Four of the five “high” rated vulnerabilities (CVE-2017-13154, CVE-2017-0879, CVE-2017-13149 and CVE-2017-13150) impact the media framework component and the latter three of these could result in a DoS or information disclosure, situation if exploited. The fifth “high” rated vulnerability (CVE-2017-13167) impacts kernel components and if exploited could result in an unauthorized person obtaining an elevation of privilege.

The lone critical-rated vulnerability (CVE-2017-14907) is found in Qualcomm closed-source components. Google did not state the type of issue that would arise if the flaw were left unpatched.

The remaining items patched were all had a severity rating of moderate.

All supported Google devices will receive an update to the Dec. 5 patch which the device owner must accept for the device to be properly protected, the company said.

Google issues patches for Nexus/Pixel phones

Related

Apple issues emergency patches on three new exploited zero-days

Six patch management mistakes and how to avoid them

Mozilla patches critical zero-day in its browser and email client

Get daily email updates