A five-month-old flaw in Android’s SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.
The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.
One of the patched vulnerabilities is located in the OpenSSL cryptographic library and also affects Google’s newer BoringSSL library, which is based on OpenSSL.
