Remember, Android security patches aren’t bound to Android versions, and the above fixes concern all versions from Android 8.1 to Android 11. Older devices that are no longer supported with security updates now have an increased attack surface, as some of the vulnerabilities fixed this month are excellent candidates for threat actors to create working exploits in the future. None of the 41 flaws addressed this month have been reported to be under active exploitation in the wild, so there should be no working exploits for them circulating out there. CVE-2020-11301: Critical flaw affecting Qualcomm’s WLAN component, concerning the acceptance of unencrypted (plaintext) frames on secure networks.CVE-2020-11264: Critical flaw affecting Qualcomm’s WLAN component, concerning the acceptance of non-EAPOL/WAPI frames from unauthorized peers received in the IPA exception path.CVE-2021-0870: Remote code execution flaw in Android System, enabling a remote attacker to execute arbitrary code within the context of a privileged process.The three critical severity flaws in the set are tracked as: The high-severity flaws fixed this month concern denial of service, elevation of privilege, remote code execution, and information disclosure issues.
On the 5th of each month, Google releases the complete security patch for the Android OS which contains both the framework and the vendor fixes for that month. As such, this update also incorporates fixes for the 10 vulnerabilities that were addressed in the Security patch level, released a couple of days back. Google has released the Android October security updates, addressing 41 vulnerabilities, all ranging between high and critical severity.