The company’s first set of fixes, patch level 2017-03-01, addresses 36 vulnerabilities for all patched phones. Of the 36 flaws, 11 are rated “critical,” meaning they could allow an attacker to fully compromise the device, while 15 are given a “high” severity rating, according to the latest Android Security Bulletin.
The SSL cryptographic bug was patched in OpenSSL in September, close to six months ago. Google has not indicated why it waited so long to address the vulnerability, which received a low severity rating from OpenSSL developers.
The second patch level in this month’s release, 2017-03-05, fixes 14 “moderate” flaws, 32 high-rated bugs, and 24 critical vulnerabilities that specifically impact drivers and components from MediaTek, Nvidia, Broadcom and Qualcomm.