Welcome back to another thrilling episode of Google's Monthly Security Update. February has arrived, and that means it is time for Google to outline all of the patches being made to Android and point out who made those patches.
For the uninitiated, Google (and the Android Open Source Project) accepts contributions from external sources as well as the teams inside Google. Every month these contributions are sent to Google's partners so they can update their own devices, and roughly a month later those updates are pushed to the Nexus line. Some partners are really good about updating their products, but this monthly cycle is still a challenge for many companies using Android on their products.
Here's what's being fixed this month.
The issues marked Critical by Google's internal team this month are all about escalation of privileges and remote code execution. The February update will address remote code issues in a Broadcom Wifi driver as well as the Mediaserver, while dealing with escalation issues in Qualcomm's performance module, Wifi driver, and debugger daemon. There also are escalation vulnerabilities being addressed in the general Android Wifi and Mediaserver systems, but these issues were marked High instead of Critical in Google's severity list. An update to the Minikin library addressed a possible Denial of Service vulnerability as well.
As always, Google claims there are no reports of active customer exploitation using the issues that have been reported and and patched in this update.
Two CVE markers labeled Moderate by Google point to a way to bypass the factory reset protection in the Android setup wizard, and these issues have been patched. While Google has marked this issue Moderate, it's important to understand what this issue means for users. A vulnerability existed that allowed someone who knew how to bypass the security measure that keeps someone from accessing your phone just by performing a factory reset. As is often the case, Google claims there are no reports of active customer exploitation using the issues that have been reported and and patched in this update.
Nexus users who want to flash this update right now can head to the Google Developer site and grab the latest release for flashing. An OTA update with this patch will be available to Nexus phones and tablets in the immediate future, though BlackBerry Priv owners may have noticed this OTA update was available this morning and can be installed now. See you next month!
We may earn a commission for purchases using our links. Learn more.
Luna is both a safe bet and Amazon's best idea in years
Is "rolling your own" Netflix-style game library what we really want? Amazon thinks so.
Google's parent company settles shareholder lawsuit over sexual misconduct
Following sexual misconduct reports from 2018, Google has settled a shareholder lawsuit and announced major changes to how the company operates in these regards — including no severance packages for employees fired over sexual misconduct.
Pixel 5 and Pixel 4a 5G won’t launch until weeks after September 30 event
Google’s announcing its new Pixel phones, the Pixel 5 and Pixel 4a 5G, on September 30. Unfortunately, you’ll have to wait a while longer before they actually launch.
These are the best rugged Android phones
Living the rough and tumble life? Get yourself a smartphone that can handle everything you throw at it — or throw your phone at.