Google’s November Android Security Bulletin patched 15 critical vulnerabilities, but only a supplemental patch for the Dirty Cow Linux vulnerability.
Core Security disclosed details on an Android Wi-Fi Direct denial of service vulnerability after Google said it had no timeline to patch the issue. The two sides also disagreed on the severity of the flaw.
Google has decided that it will no longer provide Webview patches for Android systems running Jelly Bean 4.3, or older, putting the onus on OEMs and the open source security community to provide patches to users.
The CERT Coordination Center at Carnegie Mellon today released a list of Android applications hosted on Google Play and Amazon that it says fail to validate SSL certificates over HTTPS.