Taiwanese smartphone manufacturer HTC is currently rolling out a software package that will install the December 2017 Android security patch and a number of system enhancements to HTC U11 units in the United States. The December 2017 Android security patch includes fixes for a number of vulnerabilities, some of which are discovered in the media framework and the system component of Google’s operating system. Some of the vulnerabilities are classified either as an elevation of privileges or denial of service-related security issues. The elevation of privileges refers to software flaws that allow malware to obtain permissions beyond what is initially granted to it by the user. On the other hand, denial of service-related security issues may result in crashing of specific applications or the device itself. It seems that there are no new features included in the latest U11 update, at least according to the software’s changelog.
However, since the HTC U11 has not yet received the January 2018 Android security patch, it’s still vulnerable to the Spectre exploit. The recently discovered Spectre vulnerability permits rogue applications to access sensitive data stored in the device’s system memory by exploiting the CPU’s speculative execution feature. Unlike the equally high-profile Meltdown exploit, Spectre affects the processors designed by ARM, AMD, and Intel. Google has already released ARM-specific fixes to its partner manufacturers, which likely includes HTC, although it may take some time before the Taiwanese smartphone maker releases the security patch to its flagship handset offering.
While the new update has a file size of 737MB, the manufacturer did not provide any details regarding the system enhancements included in it. It is also the first update that the device maker released for the HTC U11 after it was upgraded to Android 8.0 Oreo in the U.S. nearly two months ago. The software package is currently being distributed automatically, and it may take several days before all units of the smartphone receive the update. The company recommends that the software upgrade is downloaded over a Wi-Fi network, since obtaining the installation file through a mobile data connection may result in additional carrier charges. Once the update is installed, the new software build can be identified by the version number 2.42.617.1.