The UBports Foundation has announced the release of Ubuntu Touch OTA-7, the latest stable update for Ubuntu Touch, which is based on Ubuntu 20.04 LTS (Focal Fossa). This update is rolling out to all supported devices starting today on the Stable channel.
This unexpected release comes just three weeks after the previous update, OTA-6. The urgency to release OTA-7 stems from the need to address two significant security vulnerabilities affecting the PulseAudio audio server in Ubuntu Touch, which could pose privacy risks for users.
The first vulnerability allows confined applications to bypass the Trust Store permission module in the PulseAudio server, potentially gaining unauthorized access to the phone’s microphone and performing other privileged actions without the user’s consent. The second issue enables confined applications to crash the PulseAudio server by manipulating volume settings on a specific virtual device when a Bluetooth headset is connected.
UBports clarified that these vulnerabilities arose from the way Ubuntu Touch patches and utilizes PulseAudio. The second issue may also impact some installations of Ubuntu 16.04 with non-default configurations. Consequently, UBports has coordinated with Canonical regarding the timing of this announcement.
Ubuntu Touch OTA-7 is being rolled out to various supported devices, including popular models such as the Asus Zenfone Max Pro M1, Fairphone 3, Google Pixel 3a, and several OnePlus models. Users on the Stable channel will receive the OTA-7 upgrade through the Updates screen in the System Settings app. Though the rollout begins today, it may take a few days for all users to receive the update.
For more details, you can check out the release announcement page.