Another month. Another Android security update. Like how it is with Windows security patches, end-users are probably feeling bored. Even techies might get a little bored with the spate of OpenSSL vulnerabilities since Heartbleed. Oh, what do you know, this month’s Android security patch fixes another OpenSSL bug, which also affects Google’s fork known as BoringSSL.
There are a bumper crop of fixes this month, so much that for the first time Google has chopped the fixes into two parts. The two separate security patch levels, 2016-07-01 and 2016-07-05, are intended to provide Android partners with the flexibility to move more quickly to fix a subset of vulnerabilities that are similar across all Android devices.
Security patch level 2016-07-01 includes fixes for 22 vulnerabilities, while security patch level 2016-07-05 includes all prior fixes plus an additional 32 vulnerabilities. The following table show a breakdown of the vulnerabilities and severities. In other words, there are a total of 54 vulnerabilities addressed this month. The following table summarises the key numbers:
| 2016-07-01 | 2016-07-05 (additional) | |
|---|---|---|
| Critical | 2 | 7 |
| High | 11 | 18 |
| Moderate | 9 | 7 |
So it looks like July is an important update. The pesky Mediaserver appears 6 times.
Read the full Android Security Bulletin – July 2016 for full details.
View Comment Policy