Google issued a security update Wednesday that patches several critical vulnerabilities found in millions of Android devices that could enable the attackers to remotely execute code on victim devices.
The Android Security Bulletin Update (July 2017) was divided into two partial security updates:
the first security update (1 July 2017) level that patches flaws in the platform itself, and the second update (5 July 2017) , which fixes device-specific flaws in several components provided by manufacturers.
“The most severe of these issues is a critical security vulnerability in media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”
If you purchased your device from the Google Store, updates will reach your device within 2 weeks. If you bought your device elsewhere, updates can take longer.
“Security patch levels of 2017-07-01 or later address all issues associated with the 2017-07-01 security patch level.”
“Security patch levels of 2017-07-05 or later address all issues associated with the 2017-07-05 security patch level and all previous patch levels.”
Google announced an over-the-air update and firmware for Google devices have been published for its Pixel and Nexus lines of devices.