It’s a new month so that means we get a new Android Security Bulletin listing all the issues that have been found, and consequently patched. For Nexus owners with supported devices, this means you’ll see an OTA arrive soon on your device – or you’ll be able to side-load it or flash it with a new, updated factory image.
There’s two patch levels again this month, Google introduced two levels of patches for vendors to patch against last month, and they’ve done so again this month releasing August 1st and August 5th patch levels. The August 5th patch contains everything, including all previous patches, the August 1st patch contains all the updates to there as well as possibly a subset of fixes from the August 5th patch level. This two patch approach appears to be something that will be standard going forward, giving vendors an extra month to patch issues if they want that up to date security patch status.
In the August 1st patch, there’s a single critical, 4x high, and 9x moderate vulnerabilities patched, while the August 5th patch level includes fixes for 7x critical, 15x high and 4x moderate patches as well a single high vulnerability patch for devices with Qualcomm components. The related Common Vulnerability and Exposures ID (CVE) are all listed in the bulletin for those wanting to check it out further.
|Nexus 6||MMB30K and MOB30O||MOB30W and MMB30R|
|Nexus 7 Wi-Fi||MOB30P||MOB30X|
|Nexus 7 Mobile||MOB30P||MOB30X|
|Nexus 9 W-Fi||MOB30P||MOB30W|
|Nexus 9 LTE||MOB30P||MOB30W|
Google has advised that there have been no reports of ‘active customer exploitation or abuse of these newly reported issues’ so an update should take care of any potential issues that are lurking in the wild. Google will be releasing the August 5th patch as an OTA update in the next few days.