Just like clockwork, Google releases a new Android Security Bulletin at the beginning of every month, and the January bulletin went live on Tuesday. With it, the search giant published a rundown of exploits that were fixed in this month’s patch and where they originated in the system. All of the vulnerabilities were of the critical or high-security variety, and so this security update is of utmost importance. Luckily, it’s already available in factory images for the Google Pixel and the Nexus 5X/Nexus 6P.
Most of the fixes pertain to Android’s media framework. The worst exploit patched in the January Android Security Bulletin let remote attackers make specially crafted files that’d allow remote code execution on your smartphone — if you weren’t careful, a malicious file downloaded from the internet could’ve given full control of your phone to a hacker. The patches for other device components involved fully privileged code execution, and the Android runtime and Android system.
The January Security Bulletin also ships with small functional improvements involving over-the-air update performance after fresh installs, and a tweak in Android’s keystore key upgrade behavior.
If you’re on the 2018-01-05 security patch level, you’ll benefit from more fixes, including HTC, LG, MediaTek, Nvidia, Qualcomm and kernel components and additional media framework fixes.
If you have a Pixel device or a Nexus 6P/Nexus 5X, there’s even better news: The update is already live (and includes the 2018-01-05 patch level), and you can download and flash the system image yourself. These devices also have their own Security Bulletin, which addresses vulnerabilities not affecting devices other than those in the Pixel and Nexus line.
You can check out the Android Security Bulletin below, along with the links to download the factory image.
Source: Android Security Bulletin
Source 2: Pixel/Nexus Security Bulletin
Source 3: Pixel/Nexus Factory Images