RCE and EoP Identified as Critical Vulnerabilities
A significant RCE vulnerability tracked as CVE-2018-9527 was discovered, affecting versions from Android 7.0 (Nougat) to Android 9.0 (Pie). Users remain without a fix until phone manufacturers and mobile network operators release the latest Android patches.
In addition to the RCE vulnerability mentioned above, another RCE vulnerability, specifically CVE-2018-9531, is also considered a critical issue, but it only affects Android Nougat. Both vulnerabilities reside in the Media Framework of the operating system, allowing attackers to execute arbitrary code on the system in the context of a privileged process.
Other vulnerabilities, identified as CVE-2018-9536 and CVE-2018-9537, are privilege escalation (EoP) flaws affecting Android Nougat.
Information Leakage Vulnerability
One of the six information disclosure vulnerabilities in the Android system is considered severe. These vulnerabilities can be remotely exploited, leading to the leakage of data accessible to privileged, locally installed applications.
Half of these vulnerabilities impact various Android versions (from Nougat to Pie), while the other half affect only the latest Android versions.
Security Flaws in Qualcomm Components
Google also lists 14 different security flaws discovered in Qualcomm components. Detailed information is available in Qualcomm's November Security Bulletin, where three of the vulnerabilities are assessed as extremely severe.
- CVE-2017-18317 affects the Trusted Execution Environment (TEE), allowing restrictions related to the modem (SIM lock, SIM deactivation) to be bypassed.
- CVE-2018-5912 is a buffer overflow in the video component.
- CVE-2018-11264 impacts the biometric components of various Qualcomm chipsets, leading to a buffer overflow in fingerprint code.
Security Flaw in Libxaac Library
In the Android Security Bulletin, Google also announces that the experimental Libxaac library for multimedia compression and decompression is no longer integrated into Android builds.
This decision comes after discovering approximately 18 security flaws in the library. The library will be removed from devices after users install the latest Android security update.
