+ Tuesday May 21st, 2019

Google has today released their monthly security update notice for March, advising their partners of new vulnerabilities that have been patched. The announcement of new security vulnerabilities also means that Google has updated their Nexus Factory Images for selected Nexus devices.

The list of vulnerabilities released includes the Common Vulnerabilities and Exposures (CVE) ID for each issue, listed by severity. The severity of each vulnerability is assessed by the effect that an exploit for it would have if the platform and service mitigations were bypassed or disabled.

This month, Google has patched six critical, eight high and two moderate severity vulnerabilities, which you can see listed in the table below.

| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2016-0815, CVE-2016-0816 | Critical |
| Remote Code Execution Vulnerabilities in libvpx | CVE-2016-1621 | Critical |
| Elevation of Privilege in Conscrypt | CVE-2016-0818 | Critical |
| Elevation of Privilege Vulnerability in the Qualcomm Performance Component | CVE-2016-0819 | Critical |
| Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver | CVE-2016-0820 | Critical |
| Elevation of Privilege Vulnerability in Keyring Component | CVE-2016-0728 | Critical |
| Mitigation Bypass Vulnerability in the Kernel | CVE-2016-0821 | High |
| Elevation of Privilege in MediaTek Connectivity Driver | CVE-2016-0822 | High |
| Information Disclosure Vulnerability in Kernel | CVE-2016-0823 | High |
| Information Disclosure Vulnerability in libstagefright | CVE-2016-0824 | High |
| Information Disclosure Vulnerability in Widevine | CVE-2016-0825 | High |
| Elevation of Privilege Vulnerability in Mediaserver | CVE-2016-0826, CVE-2016-0827 | High |
| Information Disclosure Vulnerability in Mediaserver | CVE-2016-0828, CVE-2016-0829 | High |
| Remote Denial of Service Vulnerability in Bluetooth | CVE-2016-0830 | High |
| Information Disclosure Vulnerability in Telephony | CVE-2016-0831 | Moderate |
| Elevation of Privilege Vulnerability in Setup Wizard | CVE-2016-0832 | Moderate |

OEMs that have announced monthly security patches, such as LG and Samsung, are now able to draw the patches from AOSP, build them into their own software and release them. For carrier-locked models, those updates will of course have to go through testing by the carriers before release.

For the majority of Nexus devices, at least those purchased from the Google Store, there is no such wait – no, Telstra isn’t blocking those updates, we checked – and OTA updates of the March security patch will begin shortly. If you can’t wait, you can of course dirty flash the factory images which have been released for the Nexus 5, 5X, 6, 7 (2013) Wi-Fi and LTE, 9 Wi-Fi and LTE, and Nexus Player – that’s right, the Nexus 6P is still not updated as yet, but shouldn’t be too far away.

The Nexus-like Pixel C gets an update as well, with factory image 6.0.1 (MXC14G) now available to download, but again, OTA updates for the Pixel C should be arriving soon too.

Source: Google Security Bulletin (March), and Nexus Factory Images.

Daniel Tyson  


Greg
Ausdroid Reader

I wonder if there will be another version bump before N. Good to see constant security patches from Google though.
