Wednesday , August 16 2017

June security update for Nexus devices is now live – OTA’s, Factory images and of course a security bulletin

Nexus Logo
It’s June, so as we’ve seen every month since Google announced they would be announcing monthly security vulnerabilities and releasing patches for them, Google has released their monthly security blog, as well as updated the factory images for supported Nexus devices and also added OTA files for them as well.

The factory images can be flashed onto your device, but you may want to check out the OTA updates which are probably a bit easier and integrate with your phone or tablet a little easier. The Nexus Player, Nexus 5, Nexus 6, Nexus 7 (Wi-Fi & GSM) and Nexus 9 (Wi-Fi & LTE) all are on build MOB30M, while the Nexus 5X and 6P are on MTC19V. The Pixel C stands alone with build number MXC89H.

The list of vulnerabilities this month include 21 issues with sub-issues listed by their Common Vulnerability and Exposures ID (CVE), in all there are six critical, eleven high and four moderate issues to report this month. Google has laid them out in a nice table in their security blog, or you can see them here:

Issue CVE Severity Affects Nexus?
Remote Code Execution Vulnerability in Mediaserver CVE-2016-2463 Critical Yes
Remote Code Execution Vulnerabilities in libwebm CVE-2016-2464 Critical Yes
Elevation of Privilege Vulnerability in Qualcomm Video Driver CVE-2016-2465 Critical Yes
Elevation of Privilege Vulnerability in Qualcomm Sound Driver CVE-2016-2466
CVE-2016-2467
Critical Yes
Elevation of Privilege Vulnerability in Qualcomm GPU Driver CVE-2016-2468
CVE-2016-2062
Critical Yes
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver CVE-2016-2474 Critical Yes
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver CVE-2016-2475 High Yes
Elevation of Privilege Vulnerability in Qualcomm Sound Driver CVE-2016-2066
CVE-2016-2469
High Yes
Elevation of Privilege Vulnerability in Mediaserver CVE-2016-2476
CVE-2016-2477
CVE-2016-2478
CVE-2016-2479
CVE-2016-2480
CVE-2016-2481
CVE-2016-2482
CVE-2016-2483
CVE-2016-2484
CVE-2016-2485
CVE-2016-2486
CVE-2016-2487
High Yes
Elevation of Privilege Vulnerability in Qualcomm Camera Driver CVE-2016-2061
CVE-2016-2488
High Yes
Elevation of Privilege Vulnerability in Qualcomm Video Driver CVE-2016-2489 High Yes
Elevation of Privilege Vulnerability in NVIDIA Camera Driver CVE-2016-2490
CVE-2016-2491
High Yes
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver CVE-2016-2470
CVE-2016-2471
CVE-2016-2472
CVE-2016-2473
High Yes
Elevation of Privilege Vulnerability in MediaTek Power Management Driver CVE-2016-2492 High Yes
Elevation of Privilege Vulnerability in SD Card Emulation Layer CVE-2016-2494 High Yes
Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver CVE-2016-2493 High Yes
Remote Denial of Service Vulnerability in Mediaserver CVE-2016-2495 High Yes
Elevation of Privilege Vulnerability in Framework UI CVE-2016-2496 Moderate Yes
Information Disclosure Vulnerability in Qualcomm Wi-Fi Driver CVE-2016-2498 Moderate Yes
Information Disclosure Vulnerability in Mediaserver CVE-2016-2499 Moderate Yes
Information Disclosure Vulnerability in Activity Manager CVE-2016-2500 Moderate Yes

You can get the OTA files or Factory images from the Nexus developer page, but remember you’ll have to accept the terms and conditions for use before you can jump in there.

 
Source: Nexus Security Bulletin, Nexus OTA, and Nexus Factory Images.

Daniel Tyson   Editor

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

6 Comments on "June security update for Nexus devices is now live – OTA’s, Factory images and of course a security bulletin"

avatar
Sort by:   newest | oldest | most voted
AppleDeFekTor
Valued Guest
AppleDeFekTor

Just downloaded june security update S7 on Vodafone, previously was February came installed on it

Member
Matt

I still haven’t installed the last one. Yup.. left that notification sitting there for the last ~ 3 weeks now.

craigo
Valued Guest

Looking forward to Android N no longer needing to check each app after the security update. With over 100 apps on my phone, it renders my phone unusable for almost an hour.

Manya3084
Valued Guest
Manya3084

You know what’s funny, for the first time my Vodafone s7 edge had this Android security update since Saturday, 3 days before the nexus. Didn’t think it was possible.

Member

It’s possible, partners get Android security patches early 🙂

I know. I work for a Android oem :P, no ama sorry.

Michael C
Valued Guest
Michael C

It was probably a previous month update.

wpDiscuz

Check Also

Sick of seeing the Galaxy Note 8 leaks yet? Well, here it is in Deep Sea Blue with the S Pen

It’s the phone that keeps on leaking, but we love it. Now here’s your chance …