Faithful to the post, Google has just published its traditional security bulletin on a monthly basis for Android, which details the list of the vulnerabilities that are resolved with the new security patch. If it is not as strong as that of mars, in which the patches dealt 71 gaps, a record since the beginning of the year, the catalogue that disclaims the firm of Mountain View for April is a result.
There are in fact 55 gaps in the list communicated on the 6th of April, most of which do not directly affect the mobile operating system, but third-party components — especially those from Qualcomm, a supplier u.s., which provides components (modems, systems-on-chip, etc) to industry of the smartphone. This is the case for 36 of the 55 holes.
The vast majority of incidents listed by Google is considered serious, even critical : the california-based company has ranked 39 of the security vulnerabilities ranked “high,” which is the second degree of severity on a scale of three. The other 13 are classified at level ” critical “, which is the threshold the more severe. The last 3 are at risk of ” moderate “.
The risk classification is based on a repository which includes several evaluation criteria : complexity of the attack, means of access to the terminal is targeted, the role of the victim in the transaction, scope of the incident, and the existence of mitigation, and so on. According to the profile of the flaw, a score of ten is given, zero for no risk, ten for a risk maximum.
The availability of this patch will be gradual, depending on the strategy of deployment of the updates to each manufacturer of smartphones. In this area, the heterogeneity of bonus : some manufacturers deploy very quickly the patches, while others are lying around the paw. In 2019, the leading trio was made up of Nokia, Samsung, and Xiaomi, according to the follow-up of Counterpoint Research.