The June security update to the Android mobile operating system includes a fix to a problem that has been causing the Pixel and Pixel XL smartphones to randomly freeze, Google said yesterday.
Rolling out as an over-the-air software update, the latest update will arrive first on Google’s own Android devices, which include the Pixel phones and Nexus 5X, 6, 6P, and 9, as well as the Nexus Player and Pixel C tablet. Other Android device owners will receive a notification when the update becomes available, or they’ll see the new version delivered through their network carriers. Users can also choose to check for available updates and activate the latest fix manually.
Google said the most serious security vulnerability the update patches is a Media Framework issue “that could enable a remote attacker using a specially crafted file to cause memory corruption during media file and data processing.” However, there have been no reports to date of Android device owners experiencing such attacks, the company said.
Pixel Owners ‘Wait and See’
Published yesterday, the June Android Security Bulletin noted that partner companies, which include Android device manufacturers, were notified at least a month ago about the security issues addressed by the latest update. The source code patches for those issues will be made available over the next 48 hours on the Android Open Source Project repository, according to yesterday’s bulletin.
Whenever possible, Android device owners should be sure to update to the latest version of the mobile OS to avoid potential security vulnerabilities, Google said.
Since Google launched its Pixel and Pixel XL Android smartphones in October, some users have reported via the online Pixel User Community that their devices repeatedly froze at random times. Several said the issue appeared related to their uses of apps, such as Foursquare or Swarm, although uninstalling those apps didn’t always resolve the problem.
Since the June Android update became available, a number of Pixel users have said on the forum they have installed the patch and were hoping their phones would no longer freeze. Google has asked users to let the company know whether or not the update successfully resolved the issue.
New Security Challenges, Rewards
On Friday, Google also announced the kickoff of its second annual Capture the Flag competition for security experts, taking place later this month. The online competition awards points to participants who can solve Google’s specifically created security challenges and puzzles. The top 10 finalists will be invited to Google’s HQ to compete further for more than $31,000 in prizes and other awards.
Hackers and security experts are also able to earn financial rewards through Google’s Patch Rewards Program and Vulnerability Research Grants Program, which launched in 2015. Since then, researchers have received more than $1.5 million in rewards for identifying Android vulnerabilities, Google said in a separate post on its security blog.
Starting this month, Google is updating its Android Security Rewards program to increase top payouts for certain vulnerabilities. Researchers who identify bugs with remote exploit chains or exploits that could lead to TrustZone or Verified Boot compromises will now see maximum rewards of $200,000, up from $50,000. Discovering a new remote kernel exploit could now earn a reward of up to $150,000, up from the previous maximum of $30,000.