Patch/Configuration Management, Vulnerability Management

Google issues patches for Nexus/Pixel phones

Google's December Nexus/Pixel security release contained 48 issues, but with only one vulnerability being rated critical and five high, but three could result in a denial of service (DoS) situation if exploited.

Google separates its vulnerabilities by the phone component that they affect. Four of the five “high” rated vulnerabilities (CVE-2017-13154, CVE-2017-0879, CVE-2017-13149 and CVE-2017-13150) impact the media framework component and the latter three of these could result in a DoS or information disclosure, situation if exploited. The fifth “high” rated vulnerability (CVE-2017-13167) impacts kernel components and if exploited could result in an unauthorized person obtaining an elevation of privilege.

The lone critical-rated vulnerability (CVE-2017-14907) is found in Qualcomm closed-source components. Google did not state the type of issue that would arise if the flaw were left unpatched.

The remaining items patched were all had a severity rating of moderate.

All supported Google devices will receive an update to the Dec. 5 patch which the device owner must accept for the device to be properly protected, the company said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.