Google launches October 2018 security patch for Pixel and Nexus devices

In short: The "Pixel / Nexus Security Bulletin" has been released. It describes the upcoming changes with the October 2018 Android security patch update, and apparently no additional security patches were needed. This does not mean that there is no change in the operating system. There are actually 26 security patches for Android, but none are specific to Pixel and Nexus handsets. For devices manufactured by Google, four additional bugfixes were included, starting with a patch for all devices eligible for updates, which changes the call filtering behavior to improve performance when Maps is used for navigation . Pixel 2 and Pixel 2 XL users will see improvements in stability for Android Auto and improved performance when playing certain protected multimedia formats. Original Pixel and Pixel XL owners will see improvements in fast loading behavior.

Context: The most important changes listed in the latest bulletin aimed at Pixel users are probably corrections to the fast load and improvements of Android Auto. These two features have recorded a significant amount of negative reactions in recent weeks. More recently, the fast loading features present in Google Pixel smartphones have stopped working for many users with the installation of Android 9 Pie. Despite the promises made to solve the problem almost immediately after its discovery, no solution has yet been implemented. The nature of the "enhancements" listed in the last bulletin and the specification that they are intended for the handset in question seem to suggest that it is the patch that Google is talking about with the security patch. October.

Impact: Although Google's devices do not receive any security patches aimed directly at fixing the holes that are only present in Pixel or Nexus brand phones, there are several in the more general Android Security update. All, with the exception of seven of them, fix vulnerabilities detected in Android devices running operating system versions from Android 7.0 Nougat via Android 9 Pie. Of the patches designated for these versions, only one is considered a "moderate" level of risk. Three of the patches are kernel components and are categorized as High Severity, while eight of the changes are identified as Critical. Six of these are remote code execution vulnerabilities that would allow code to be run on handsets in a global distance manner. In this order of ideas, the remaining two critical patches are marked as being related to an elevation of privilege that would allow an installed application to grant itself the necessary permissions to perform secondary actions or perform code.