Google is very busy in updating the Android OS with the third and most probably the biggest security patch update which the company will release this year. The Android update in March 2017 fixes 105 security issues.
This marks a great increase in the number of identified security flaws ever since when Google released a patch for Android back in March 2016 when it contains only 19 flaws and fixes for them, while this year’s patch will fix around 105 flaws. Totally, Google has provided patches for 253 Android vulnerabilities. Nearly 90 of these are patched in January, 58 in the month of February and then 105 in March.
According to their official post on the Android blog, The Google has regarded 35 of these 105 vulnerabilities as a highly critical regarding the severity level. Just like the old times this time also, the media server component is believed to be a very important source of many vulnerabilities.
Out of the 35 critical flaws, 9 are remote code execution vulnerabilities identified in Google’s media server whereas the same component is believed to be harvesting seven more high impact denial of service flaws. Two of the 35 vulnerabilities have been labeled as having a moderate impact. Google has always made it a point to patch media server oriented vulnerabilities in all of its updates, but it hasn’t yet disclosed the potential risks that these flaws pose to users. According to Android security director at Google, Adrian Ludwig, there haven’t been any confirmed cases of exploitation of users resulting from the Stagefright media server flaws.
There are around 35 flaws that are Qualcomm driver oriented and patched in the March 2017 Android update by Google. These flaws include privilege boosting issues in some its components such as Wi-Fi, bootloader, networking, fingerprint sensor, GPU drivers, and the camera. Six of all these 35 Qualcomm driver flaws are rated critical.