Only three weeks after the release of OTA-6, Ubuntu Touch, the privacy-first mobile operating system by UBports, has just announced the unscheduled release of OTA-7 for Ubuntu Touch 20.04. The update addresses two critical security vulnerabilities in PulseAudio, the audio server on Ubuntu Touch.
These vulnerabilities pose potential threats to usersโ privacy, and, as a result, UBports has opted for an out-of-schedule release to address these concerns quickly and effectively. Specifically, the release addresses two vulnerabilities:
- Trust Store Permission Removal: Certain confined applications were found to be able to remove the Trust Store permission module from PulseAudio. This effectively allowed unauthorized applications to access the microphone without the user’s knowledge, thereby compromising privacy.
- Volume Control Crash with Bluetooth Devices: Applications were also found capable of crashing PulseAudio by adjusting the volume on a specific virtual device while a Bluetooth headset was connected. Though this issue primarily affected Ubuntu Touch, it had the potential to impact Ubuntu 16.04 installations that used a non-default configuration.
In light of these findings, UBports coordinated with Canonical to ensure the timely patching of these issues before releasing OTA-7 to the public.
While the primary focus of OTA-7 is security, the release also contains other bug fixes and enhancements unrelated to the aforementioned vulnerabilities. UBports plans to release a release candidate version soon, along with a call for community testing to ensure a smooth rollout.
The official rollout of Ubuntu Touch 20.04 OTA-7 is planned for Friday, November 29, 2024, and will be available to various supported devices, including the Asus Zenfone Max Pro M1, Fairphone series, Google Pixel 3a, OnePlus models, and more.
For existing users of Ubuntu Touch, the update will be delivered via the Updates screen in the System Settings app. The update will be randomly assigned to devices over the next few days, allowing UBports to address any unexpected issues before completing the release.
Alternatively, users who prefer not to wait can manually initiate the update by connecting their device to a computer and executing the update command via the ADB shell.
For new users interested in Ubuntu Touch, installation instructions can be found on the official UBports device page at devices.ubuntu-touch.io.
Lastly, since November 4, 2024, several important changes have been made:
- PulseAudio: Integrated security patches resolving the issues mentioned earlier.
- libgbinder: Updated stability field patch to apply specifically to Android 12, and adjusted AIDL variant for Android 11.
- lomiri-system-settings: Now shows the printing panel if a CUPS socket is detected.
- mir-android2-platform: Completed display hotplugging implementation and improved external monitor reconnection.
- morph-browser: Corrected a minor issue with QML module versioning.
Check out the release announcement for more details and the complete list of novelties in Ubuntu Touch OTA-7.
