Google has this morning released their monthly security bulletin for Android with three patch levels available. As well as the bulletin which outlines common vulnerabilities, Google has also posted updated factory images and OTA files for supported Nexus and Pixel devices.
The three patch levels: include a 1st of November, 5th of November and 6th of November patches, with partners advised of the latest vulnerabilities within the last month. Google says that ‘Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours’.
While no reports of active customer exploitation or abuse of the reported issues in this months bulletin have been found, a serious vulnerability in Media framework which would allow an attacker to remotely execute code within a privileged process was found – and patched.
The 2017-11-06 patch also includes a patch for the KRACK Wi-Fi vulnerabilities found last month.