Two Android Patches Released, 102 Bug Fixes For OS, Qualcomm-run Drivers

Two new sets of Android patch have been issued to provide fixes for 22 bugs in the operating system as well as over 80 bugs in component drivers that mostly affect devices with Qualcomm components. The first batch of patch addresses flaws in Android's system-level software, which everyone needs to install while the second batch squashes bugs in hardware drivers and kernel level code specific to certain model devices.

The Android bulletin has two security Android patch level strings that provide their partners with the flexibility to move more quickly towards fixing a subset of similar vulnerabilities across all Android devices, Android reported. The first set of patch is labeled 2016-08-01, which is a partial security patch level string. The second set is labeled 2016-08-05, on the other hand, is a complete security patch level string.

The first patch closes holes in Android 4.4.4 to the current build, The Register reported. These holes include the programming blunders in Mediaserver, which can be exploited by a specially crafted MMS or an in-browser media file to potentially execute malicious code on a device. There are also fixes for 10 highly severe bugs affecting libjhead, Mediaserver, and one in the system clock which could be used to crash a device. The remaining nine core OS bugs are rated as moderate.

The second patch bundle contains fixes for driver-level code, which will be necessary depending on the user's hardware. It predominantly fixes problems with Qualcomm's driver software, Qualy being the dominant Android system-on-chip designer. These Qualcomm bugs are the kinds of bugs to watch for as these low-level flaws were used to blow apart Android's full-disk encryption system last month.

Android patch marks the anniversary of Google's monthly patching regime for Android in response to the first Stagefright bugs revealed in July. Stagefright has pushed the Android ecosystem into taking security measures more seriously. It is also partly why US regulators are currently investigating how device makers, carriers and OS vendors orchestrate end-device patching.