Google has released the March 2017 Android Security Bulletin so users are aware of the changes that are coming with this most recent security patch. As with any Android Security Bulletin, this doesn’t just affect users who are on Nexus and Pixel devices as the changes will eventually be incorporated into other Android devices from different manufacturers, though when the changes are made will depend on when thesecurity patch actually hits those non-Nexus and non-Pixel devices. For anyone using one of Google’s still-supported smartphones, the security patch is already starting to hit devices so users will want to be on the lookout for the update, and as always if the notification about the new patch being available doesn’t show up in the status bar, users can always check for the update manually from the settings menu.
With this most recent patch, there are two different patch level strings available, each being targeted to a specific set of devices. This includes the March 1st security patch level string and the March 5th security patch level string. The former is based on a partial update and only addresses needed changes to specific devices, while the latter includes both the issues that are addressed in the March 1st string as well as additional vulnerability issues. For Nexus and Pixel devices, the March 5th string is the one to look out for asGoogle notes that supported Google devices will receive this particular patch.
A number of new vulnerabilities are fixed with this new security patch, including a higher than normal number of critical bugs, although not all of these affect Google devices. In total there are 8 separate issues that carry a “critical” label, with some of those issues including more than a few CVEs. Out of the 8 issues, 5 affect Google devices while the remaining three do not. In addition to the critical issues there are quite a few high-risk security vulnerabilities that are fixed with this patch, 8 different moderate issues, and only one low-risk issue. Some of the critical issues include an elevation of privilege vulnerability in the NVIDIA GPU driver as well as an elevation of privilege vulnerability in the Qualcomm GPU driver. Google notes that their partners were notified of these vulnerabilities as of February 6th or earlier, which means that some non-Nexus and non-Pixel devices may see this security patch being released in the near future.
