Android Security Bulletin—April 2017

The AprilAndroid Security Bulletin provides a discouragingly long list ofvulnerabilities fixed in the latest update (for those with devicessufficiently well supported to receive them). "The most severe ofthese issues is a Critical security vulnerability that could enable remotecode execution on an affected device through multiple methods such asemail, web browsing, and MMS when processing media files." There'salso a fix for CVE-2016-10229, which is a remotely exploitablevulnerability in the UDP stack that was fixedin the 4.5 and 4.4.21 kernels. Those kernels were not vulnerable as theresult of other work, but older kernels with backported fixes (Androidkernels, for example) were.