Google Shifts Android Security Updates To Risk-Based Triage System (androidauthority.com)
(Monday September 15, 2025 @11:21AM (msmash)
from the moving-forward dept.)
- Reference: 0179260550
- News link: https://tech.slashdot.org/story/25/09/15/1444225/google-shifts-android-security-updates-to-risk-based-triage-system
- Source link: https://www.androidauthority.com/android-risk-based-security-updates-3597466/
Google has restructured Android's decade-old monthly security update process [1]into a "Risk-Based Update System" that separates high-priority patches from routine fixes. Monthly bulletins now contain only vulnerabilities under active exploitation or in known exploit chains -- explaining July 2025's unprecedented zero-CVE bulletin -- while most patches accumulate for quarterly releases.
The September 2025 bulletin contained 119 vulnerabilities compared to zero in July and six in August. The change reduces OEM workload for monthly updates but extends the private bulletin lead time from 30 days to several months for quarterly releases. The company no longer releases monthly security update source code, limiting custom ROM development to quarterly cycles.
[1] https://www.androidauthority.com/android-risk-based-security-updates-3597466/
The September 2025 bulletin contained 119 vulnerabilities compared to zero in July and six in August. The change reduces OEM workload for monthly updates but extends the private bulletin lead time from 30 days to several months for quarterly releases. The company no longer releases monthly security update source code, limiting custom ROM development to quarterly cycles.
[1] https://www.androidauthority.com/android-risk-based-security-updates-3597466/