Cumulations Logo

 

Google has released the October update running Android 10, including its exclusive range of Pixel smartphones. This new update fixes various bugs that allow hackers to gain full access to users' smartphones. Interestingly, this is the first security patch that is being rolled out after the initial launch of Android 10.

The October update for Android 10 fixes several bugs

Google had recently released its first monthly Android 10 update to all Android smartphones, including Pixel smartphones. It is one of the latest security patches being rolled out by Google and resolves a crucial zero-day vulnerability, which allowed hackers to have full access to users' smartphones. In other words, the Android October update addresses a total of 27 issues ranging from critical to moderate.

The most severe of these issues is an essential security vulnerability in the Media framework component, which could give access to a remote hacker to gain access to your Android 10 smartphone. By using a crafted file, the hacker would have the ability to execute arbitrary code within the context of the confidential process.

Want to know more about the zero-day vulnerabilities? Here are the details

The October update released for Android 10 by Google is mainly to address the zero-day vulnerability. In case you have still not updated your Android 10 smartphone, and it is the right time to do so. This vulnerability would also allow access to hackers to at least 18 smartphones, including Google's Pixel smartphones.

The zero-day bug is a local privilege escalation susceptibility with which the security of your whole device can be compromised. The susceptibility of your Android device can also be accessed through the sandbox. This zero-day vulnerability can be exploited in two ways. First, hackers can target users by making them install untrusted apps. Second, hackers can target the weakness in the code of the Chrome browser.  

Quite a scary proposition

If you are not scared enough, there is more. This susceptibility was allegedly utilized by the NSO Group of Israel, which is famous for its spyware software known as Pegasus. This is the reason that every Android 10 user should install the October update as soon as possible. After all, you don't want your security to be compromised at any cost.

Update for Google’s Pixel smartphones

The release of the October update of Android 10 from Google would feature an array of improvements and features for the Pixel smartphones. The zero-day vulnerability can only affect the Pixel, Pixel XL, Pixel 2, and Pixel 2 XL smartphones. The Pixel 3 and Pixel 3 XL are immune to the zero-day vulnerability.

Functional updates for Pixel smartphones

According to the Pixel Update Bulletin, several useful patches are available for several Pixel phones. Interestingly, all the Pixel phones are getting Wi-Fi stability improvements. This October update is also crucial to improve the system stability of the Pixel smartphones. So, if you are using a Pixel smartphone, update your phone to the latest patch as soon as possible.

This October Update also fixes an issue related to the memory drain in the UI. If you have been using the Pixel smartphone, you might have noticed that there are missing heads when notifications come to your device. Well, with this October update, there will be no missing heads in the notification area. This update also brings navigation and gesture stability improvements and a fix for boot loop.

Notably, the Pixel 3 and the Pixel 3 XL will also get a way to show missing notifications which were earlier missing in the Pixel stand mode. 

Pixel-specific security patches

In addition to the functional pieces, with the October update, there are various patches for the Pixel phones. This also includes the current Android security patch. Moreover, Google has also patched the recently discovered zero-day issue in the original Pixel and Pixel 2 phones as well.

According to the Pixel update bulletin released by Google, the Pixel 2 and Pixel 1 devices would receive the patch in the form of build number CVE-2019-2215. On the other hand, Pixel 3 and the Pixel 3a devices would not accept this update as they are immune to this susceptibility. Also, note that there is a fix for a high severity framework flaw that impacts the cache. This update also fixes Qualcomm components cache services.

Like earlier times, Google has published the latest OTA files along with the factory images on its developer website related to the October update. Moreover, this OTA update has also started, reaching various Pixel phones.

Some notable fixes for the Pixel devices in a nutshell

  • Fix for memory drain in the User Interface (UI)

  • Solution for bootloop in specific device locale modes

  • Stability improvements related to gesture

  • Developments related to system stability

  • Fix for missing notifications in the stand-mode

  • Stability improvements connected to Wi-Fi

  • Sensor calibration improvements 

Build Number

  • For Pixel 1 XL and Pixel 2 XL: QP1A.191005.007.A1

  • For Pixel 3 XL and Pixel 3a XL: QP1A.191005.007

The October Security Patch level vulnerability details

In the sections below, details have been provided for each of the security issues. The susceptibilities are grouped under the component which they affect. Devices running Android 10 may receive security updates along with the Google Play System Updates. 

Framework

It is one of the most severe vulnerabilities as it could enable a local malicious application to bypass UI requirements so that it can have permissions to alter device settings. 

System

The most critical vulnerability in this section could make a malicious app to gain access to system settings, thereby compromising the overall security of the user.

Media Framework

Under this section, there are high chances that a remote attacker can gain access to the crucial processes of your device by using an arbitrary code. 

Google Play System Updates

Under this section, the update seeks to resolve app-related issues and eliminates the chances of installing an app from an unknown source.

Kernel Components

In this section, the vulnerability can enable arbitrary code to alter the kernel processes, which may affect the performance and security of your Android 10 smartphone.

When will you get the update?

Lately, it has been a norm made by Google to push these updates as soon as possible to its users’. If you still not have received the update, don’t panic. Expect an over-the-air update notification in the coming days. Instead of manually downloading the files, it would be good if you wait for the OTA. 

What’s next for your Android 10 device?

Google has been quite punctual in releasing the major fixes since July. However, Android 10 has introduced a few new issues. Moreover, Google is also working round the clock to ensure that you have a flawless experience with the newly rolled out Android 10. 

Now that you have already received the first Android security patch update, be assured that your experience with the Android ten would be quite smooth. There are speculations about the release of the 10.1 version of Android anytime soon. However, it is certainly possible. For the time being, expect an OTA notification this week, and another on the first Monday of the Month in either November or December.