Google has released a new Android security bulletin, detailing all the vulnerabilities that have been patched with this November update. The patch breakdown was released for the November 6, 2017 patch level, and includes details on all fixes in all three of the patch levels made available earlier today, which includes November 1st, November 5th, and November 6th.
This month, the issue with the most critical security vulnerability that has been fixed was found in the Media framework. It could have enabled a remote attacker to launch code with a specially crafted file.
According to the forum post, some Google Pixel 2 and Pixel 2 XL users are reportedly not receiving the Android November security patch. That’s despite the company’s claims that it would be rolled out to every user over the course of a week beginning November 6.
It’s worth noting that most who are reporting the problem own Pixel devices operating on select carriers such as Verizon and T-mobile. Unfortunately, the problem has also been noticed on Google’s own Project-Fi network. It is worth pointing out that Project-Fi does, in fact, partially make use of T-Mobiles towers. That seems to indicate that it could be tied to the carrier networks themselves.
Google does seem to be aware of the issue. The responses seem to confirm that the problem is tied in with the networks. The builds and build numbers, meanwhile, tend to be different from carrier to carrier. Google, in this case, is responsible for the hardware, underlying operating system, and the update in question. Beyond that, the company is actually responsible for the rollout of the security update, bypassing the carriers entirely.
Having said that, the company’s configuration management (CM) team is also fully aware that there is a problem. So both an underlying cause and a fix for the problem are actively being looked into and, with any luck, that will be found before the December security patch is ready for release. Otherwise, there could be problems with that update as well.
However, none of the issues that have been fixed in this update has been reported to be actively used in the wild. This software patch doesn’t only bring security improvements. Google has added a new section to the security bulletin called Functional Updates.
That’s thanks to the fact that Android software can be installed manually – or side-loaded. That means a user could feasibly download the entirety of the OTA files and install them directly until a fix can be found by Google.
All of the relevant links can be found below. Just be sure you’re downloading the correct files—there are separate builds for unlocked and Verizon models.
- Google Pixel 2 – OPD1.170816.018 (factory image, OTA)
- Google Pixel 2 XL – OPD1.170816.025 EMR (factory image, OTA)
- Google Pixel – OPR1.170623.032 (factory image, OTA)
- Google Pixel XL – OPR3.170623.013 (factory image, OTA)
- Google Pixel C – OPR1.170623.032 (factory image, OTA)
- Nexus 6P – OPR5.170623.011 (factory image, OTA)
- Nexus 5X – OPR6.170623.023 (factory image, OTA)
- Nexus Player – OPR2.170623.027 (factory image, OTA)