Skip to main content

All the November 2021 Android security patch details you need

Fixing the latest bugs and exploits in Android every month.

Google has detailed the latest Android Security Bulletin and released the fixes for Pixel devices.

These are exploits and other security concerns that affect Android as a whole. Issues with the operating system, kernel patches, and driver updates may not affect any particular device, but these need to be fixed in the Android base by the folks maintaining the operating system code. That means Google and they've detailed the things they have improved for this month.

Updated factory images for Pixel devices that are still supported are available, and over-the-air updates are rolling out to users. If you don't want to wait, you can download and flash the factory image or OTA update file manually, and here are some handy instructions to get you started.

The company that made your phone uses these patches to send an update out to you.

These changes have been released to the people making the best Android phones for at least 30 days, but Google can't force anyone to deliver them to you. So if you're using a phone from Samsung, LG, or anyone besides Google, you'll need to wait for them to send an update and shouldn't try to flash any of the above files. It might have already happened, as OEMs can send out the patch before the deadline Google must adhere to so that the exploits aren't publicized.

Of course, Google has safety checks in place to prevent any problems on your phone because of any security exploits. Verify Apps and SafetyNet are at work anytime you add an app to your phone, and seamless updates to Google Play Services will keep them up to date regardless of any hold up from a manufacturer or carrier. Details about Android Enterprise Security can be found here.

Devices with Android 10 and later may also receive security updates as Google Play system updates thanks to Project Mainline.

Highlights of November 2021 security bulletin

  • As usual, the Android Framework and Media Framework have had high-severity issues addressed.
  • High-sensitivity vulnerabilities in the Android system components were patched.
  • Qualcomm and MediaTek have closed source components for devices using these companies' hardware.
  • Tethering and Media Framework components were updated through Project Mainline.

Pixel-specific updates

Every month, Google released some Pixel-specific patches that will affect phones currently being supported, including Pixel 3, Pixel 3a, Pixel 4, Pixel 4a, Pixel 5, and Pixel 5a. For November 2021, there are several bug fixes included with the security patch.

Full details for the November 2021 security bulletin are available at the Android Security website. Security patch notes for Pixel devices are detailed here and functional changes/bug fixes are detailed here.

You can see the Android Security website for details on all the bulletins, and Google also breaks down the separate Pixel-specific changes as well.



Source: androidcentral

Popular posts from this blog

FCC approves broadband 'nutrition labels' to help you shop for internet

The FCC is pushing nutrition labels for internet providers. What you need to know The FCC has voted to move forward with new rules for ISPs to display nutrition labels. The proposed rulemaking would mandate ISPs to display relevant speed and pricing information to consumers. This should make it easier for consumers to make an informed decision on their broadband. The FCC voted unanimously on a plan that would allow consumers to make better decisions about their broadband internet. The proposal will require internet service providers (ISPs) - including many of the best wireless carriers in the U.S. — to display "nutrition labels" that display relevant service information for consumers at point-of-sale. This includes internet speeds, allowances, and clear information on rates. "If you walk into any grocery store and pull boxes of cereal from the shelves, you can easily compare calories and carbohydrates," FCC Chair Jessica Rosenworcel said in a statemen

Slack’s new integration deal with AWS could also be about tweaking Microsoft

Slack and Amazon announced a big integration late yesterday afternoon. As part of the deal, Slack will use Amazon Chime for its call feature, while reiterating its commitment to use AWS as its preferred cloud provider to run its infrastructure. At the same time, AWS has agreed to use Slack for internal communications. Make no mistake, this is a big deal as the SaaS communications tool increases its ties with AWS, but this agreement could also be about slighting Microsoft and its rival Teams product by making a deal with a cloud rival. In the past Slack CEO Stewart Butterfield has had choice words for Microsoft saying the Redmond technology giant sees his company as an “existential threat.” Whether that’s true or not — Teams is but one piece of a huge technology company — it’s impossible not to look at the deal in this context. Aligning more deeply with AWS sends a message to Microsoft, whose Azure infrastructure services compete with AWS. Butterfield didn’t say that of course

Yandex spins out self-driving car unit from its Uber JV, invests $150M into newco

Self-driving cars are still many years away from becoming a ubiquitous reality, but today one of the bigger efforts to build and develop them is taking a significant step out as part of its strategy to be at the forefront for when they do. Yandex — the publicly-traded Russian tech giant that started as a search engine but has expanded into a number of other, related areas (similar to US counterpart Google) — today announced that it is spinning out its self-driving car unit from MLU BV — a ride-hailing and food delivery joint venture it operates in partnership with Uber. The move comes amid reports that Yandex and Uber were eyeing up an IPO for MLU  last year. At the time, the JV was estimated to be valued at around $7.7 billion. It’s not clear how those plans will have been impacted in recent months, with COVID-19 putting huge pressure on ride-hailing and food-delivery businesses globally, and IPOs generally down compared to a year ago. In that context, spinning out the unit could

Elon Musk sends yet another notice trying to terminate the Twitter deal

Kristen Radtke / The Verge; Getty Images Elon Musk has sent a third letter to Twitter attempting to terminate his $44 billion acquisition of the company . Musk’s legal team cited Twitter’s multimillion dollar severance payment to former security chief and whistleblower Peiter Zatko as a violation of the merger agreement and a reason to end the deal. The letter, dated September 9th, was sent to Twitter’s chief legal officer Vijaya Gadde, and was included in a filing Twitter made with the SEC on Friday (which you can read at the bottom of this article). Last month, Zatko made headlines by accusing Twitter of misleading investors about the number of bots on the service, failing to delete users’ data, and having poor security practices, among other things. Musk jumped on the accusations, citing them in his second termination letter and subpoenaing Zatko to testify in the lawsuit. Zatko was set to be deposed on Friday. Elon Musk sent his first letter of termination in July , say