Google starts rolling out its March Android Security update, which is basically for Pixel and Nexus devices. This new update, which covers different Pixel devices and Nexus devices ( Pixel 2, Pixel 2 XL, Pixel, Pixel XL, Pixel C, Nexus 5X, and Nexus 6P) fixes 16 critical vulnerabilities as well. In addition to the many issues that the update fixes, it also includes improvements specifically for two models- the Pixel 2 and Pixel 2 XL.
The March Android Security patch comes in two dates: March 1 and March 5. The March 5 update includes its own set of fixes, as well as those addressed by the March 1 update.
The Security update is available in the form of an OTA (Over-the-Air) roll out; alongside Google has also released factory images and OTA zip files of the update.
How to Check Update Availability on Your Device
It’s possible and quite easy to check the availability of this Android security update on your eligible device. You just need to go to Settings > System updates. You could also alternatively install OTA zip files on your device with an unlocked bootloader. Note that OTA zip files can also be sideloaded, on top of your existing software version. The advantage of this is that it helps retain user data. If you are a pro, you could even pick the updated factory images. You should always back up your data before you begin installing the update via a factory image.
37 Issues Fixed
The March Android Security Update fixes 37 issues in total, of which 16 are critical vulnerabilities. The update patch level dated 2018-03-01 fixes 16 issues whereas the next patch level, dated 2018-03-05 fixes 21 issues. The vulnerabilities fixed range from high to critical; among the issues fixed, the most severe one is related to the media framework which could allow a remote attacker to use a “crafted file” to execute arbitrary code. The Android Security Bulletin says- “The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”
As per the Android Security Bulletin for the month of March, there are 16 issues resolved in the March security update patch level dated 2018-03-01, while the 2018-03-05 patch level addresses 21 issues. Vulnerabilities range from high to critical, and the most severe is related to the media framework that could allow a remote attacker to execute arbitrary code through a “crafted file”. Importantly, Google notes that there are no reports of any active customer exploitation or abuse of the newly reported issues.
Google also points out that there have been no threat reports at all of any active customer exploitation or abuse of these newly reported vulnerabilities.
As a postscript, we’d, however, remind every Android user that in addition to keeping themselves abreast of security updates and emerging technologies, it’s equally important to secure their devices with basic security software, starting with the antivirus for Android, the best antivirus in fact.