Google has announced the December security patch, which fixes the Wi-Fi KRACK vulnerability on Android devices. The company issued the patch along with its Android Security Bulletin for December 2017, detailing the most prominent security vulnerabilities affecting Android.
The KRACK security vulnerability was recently discovered by a security researcher. It affects almost every Wi-Fi enabled device and an attacker can exploit the vulnerability to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and more. You can learn more about it here.
The urgent fix was absent from the November security patch issued by Google. It left many Android devices vulnerable to the security flaw, but now these devices along with the Pixel and Nexus smartphones will be patched. Many smartphone companies have already issued a fix for the Wi-Fi security flaw on their own.
A number of patches for MediaTek, Qualcomm and Nvidia products have been listed in the December update. Google also listed five critical bugs concerning the media framework in its Android Security Bulletin. One is a system-level bug whereas the four others are related to Qualcomm components. Additionally, the company has said that there will be two patch levels for this month, 2017-12-01 and 2017-12-5, so that “Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly.” The 2017-12-5 patch level will be available for all Nexus and Pixel builds.