Google Rolls Out November 2018 Security Update For Pixel, Nexus Devices


Google has put out the official Android Security Bulletin for November 5, 2018, and it contains 36 new security fixes compared to the patch from October. Of these fixes, four are critical-level, and pertain to exploits that would allow unauthorized elevation of privileges and remote code execution by attackers. These four fixes are all in the media framework category. Additionally, 17 of these fixes apply to Qualcomm-specific components. This does not necessarily mean that the issues fixed can only be found on devices with Qualcomm processors, of course; Qualcomm components for networking and other functions have found their way into many chipsets these days. Finally, the Android team managed to find a large number of severe vulnerabilities in the fairly new Libxaac media compression and decoding library, and it has thus been marked as experimental and removed from all production Android builds going forward. If your build has it, this security patch will remove it.

Background: This month's patch has a heavy focus on network-centric vulnerabilities found in Qualcomm hardware, though many of those fixes are low-level. The critical and high-level fixes, in large part, revolve around stopping would-be hackers from gaining control of users' Android devices through privilege escalation in malicious apps, or by executing arbitrary code remotely on compromised devices. A lot of the fixes on the Qualcomm side are for closed-source components, which normally means that Qualcomm developed the fixes itself and sent them on to Google for integration. None of the software-side fixes in this patch, curiously, go any further back than Android version 7.0 Nougat. This presumably means that Google is leaving Android 6.0 Marshmallow behind, which would make sense, since it was introduced back in 2015. Finally, the removal of Google's own Libxaac is a bit of a blow to Android on the media front, a battle that the platform has traditionally lost to Apple. The creation of new Android-specific audio latency fixes and libraries has softened the blow, but this setback does not necessarily make Apple the OS vendor of choice for hardcore audiophiles, musicians and the like – Android has caught up in many regards, and the temporarily scrapped library would have simply further improved support for AAC-based media types.

Impact: Those still rocking Android devices running versions older than 6.0 Marshmallow won't see any changes. Those on newer, covered Android versions can expect this patch to make their media framework much safer, taking some of the risk out of potentially malicious apps or other things that would get in through the media libraries. Loaded and compromised media files are a fairly common thing to find on the net, endangering those who would rather have their media on their device than stream it from an outside source. Additionally, any devices that use Qualcomm components will see many severe security holes patched up. As always, Pixel devices and newer Nexus devices can expect the patch to hit fairly soon over the air. Since this one contains a lot of low-level system fixes for Android in general and for Qualcomm hardware, it could take a while to reach carrier variants and heavily-skinned versions of Android from the likes of Samsung and LG.

November 2018 Security Update - Factory Images November 2018 Security Update - OTA Images

Share this page

Copyright ©2018 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, Voice assistants, AI technology development news in the Android world. Contact him at [email protected]

View Comments