Google released on Monday, the Android October Security Bulletin, which this month addresses 78 security flaws, spread across two different patch levels.

These patch levels organize security flaws based on the components they affect, with the "2016-10-01 security patch level" affecting core Android services, drivers, and components that all smartphone vendors must address with high priority. The "2016-10-05 security patch level" only addresses issues in selected drivers and components that only some OEMs deploy with their Android versions, and smartphone vendors are required to implement only if they use those components.

The good news is that this month, Google engineers fixed only high and moderate level issues in core Android components, with no critical issues reported.

For this month, Google addresses 15 high severity issues and five moderate vulnerabilities in core Android components such as the Zygote core process, ServiceManager, the Lock Settings Service, the Mediaserver component, the Telephony component, the Camera service, the fingerprint login feature, and more.

Some kernel issues discovered, but they don't affect all Android versions

On the other hand, there were seven critical-level issues for Android drivers and vendor-specific components, with three affecting Qualcomm components, and the rest affecting the MediaTek video driver, the kernel ASN.1 decoder, the kernel networking subsystem, and the kernel shared memory driver.

While these issues are more severe, as stated above, they do not affect all Android smartphone vendors.

Android's own developers have discovered most of the issues, but independent security researchers have contributed with bug reports. Additionally, security firms such as Qihoo 360, Copperhead Security, Nightwatch Cybersecurity, Cheetah Mobile, Trend Micro, IBM X-Force, and C0RE Team have also filed bug reports.

As OEMs release new Android versions to mobile operators and their customers, more detailed bug reports will be published by security vendors in the upcoming days, detailing the vulnerabilities in more depth. If there's one that has a potential to do harm, we'll be covering it in a future article.

Issue CVE Severity Affects Nexus? 2016-10-01 security patch level Elevation of privilege vulnerability in ServiceManager CVE-2016-3900 High Yes Elevation of privilege vulnerability in Lock Settings Service CVE-2016-3908 High Yes Elevation of privilege vulnerability in Mediaserver CVE-2016-3909, CVE-2016-3910, CVE-2016-3913 High Yes Elevation of privilege vulnerability in Zygote process CVE-2016-3911 High Yes Elevation of privilege vulnerability in framework APIs CVE-2016-3912 High Yes Elevation of privilege vulnerability in Telephony CVE-2016-3914 High Yes Elevation of privilege vulnerability in Camera service CVE-2016-3915, CVE-2016-3916 High Yes Elevation of privilege vulnerability in fingerprint login CVE-2016-3917 High Yes Information disclosure vulnerability in AOSP Mail CVE-2016-3918 High Yes Denial of service vulnerability in Wi-Fi CVE-2016-3882 High Yes Denial of service vulnerability in GPS CVE-2016-5348 High Yes Denial of service vulnerability in Mediaserver CVE-2016-3920 High Yes Elevation of privilege vulnerability in Framework Listener CVE-2016-3921 Moderate Yes Elevation of privilege vulnerability in Telephony CVE-2016-3922 Moderate Yes Elevation of privilege vulnerability in Accessibility services CVE-2016-3923 Moderate Yes Information disclosure vulnerability in Mediaserver CVE-2016-3924 Moderate Yes Denial of service vulnerability in Wi-Fi CVE-2016-3925 Moderate Yes