Wednesday , October 18 2017

April Security updates released, patches in AOSP and factory images for Nexus devices now available

Google-Developers
Google has this morning released the new security updates for Android, addressing the Common Vulnerability and Exposures ID (CVE) in their monthly security report. The CVEs have been patched in AOSP and of course for selected Nexus devices, there’s new images available to flash to your device.

The CVE’s addressed this month include eight issues listed as critical, 13 high and eight moderate issues, for a total of 29 CVEs in their security report, which includes the mid-month update they addressed last month.

Issue CVE Severity
Remote Code Execution Vulnerability in DHCPCD CVE-2016-1503
CVE-2014-6060
Critical
Remote Code Execution Vulnerability in Media Codec CVE-2016-0834 Critical
Remote Code Execution Vulnerability in Mediaserver CVE-2016-0835
CVE-2016-0836
CVE-2016-0837
CVE-2016-0838
CVE-2016-0839
CVE-2016-0840
CVE-2016-0841
Critical
Remote Code Execution Vulnerability in libstagefright CVE-2016-0842 Critical
Elevation of Privilege Vulnerability in Kernel CVE-2015-1805 Critical
Elevation of Privilege Vulnerability in Qualcomm
Performance Module
CVE-2016-0843 Critical
Elevation of Privilege Vulnerability in Qualcomm RF Component CVE-2016-0844 Critical
Elevation of Privilege Vulnerability in Kernel CVE-2014-9322 Critical
Elevation of Privilege Vulnerability in IMemory Native Interface CVE-2016-0846 High
Elevation of Privilege Vulnerability in Telecom Component CVE-2016-0847 High
Elevation of Privilege Vulnerability in Download Manager CVE-2016-0848 High
Elevation of Privilege Vulnerability in Recovery Procedure CVE-2016-0849 High
Elevation of Privilege Vulnerability in Bluetooth CVE-2016-0850 High
Elevation of Privilege Vulnerability in Texas Instruments Haptic Driver CVE-2016-2409 High
Elevation of Privilege Vulnerability in a Video Kernel Driver CVE-2016-2410 High
Elevation of Privilege Vulnerability in Qualcomm
Power Management Component
CVE-2016-2411 High
Elevation of Privilege Vulnerability in System_server CVE-2016-2412 High
Elevation of Privilege Vulnerability in Mediaserver CVE-2016-2413 High
Denial of Service Vulnerability in Minikin CVE-2016-2414 High
Information Disclosure Vulnerability in Exchange ActiveSync CVE-2016-2415 High
Information Disclosure Vulnerability in Mediaserver CVE-2016-2416
CVE-2016-2417
CVE-2016-2418
CVE-2016-2419
High
Elevation of Privilege Vulnerability in Debuggerd Component CVE-2016-2420 Moderate
Elevation of Privilege Vulnerability in Setup Wizard CVE-2016-2421 Moderate
Elevation of Privilege Vulnerability in Wi-Fi CVE-2016-2422 Moderate
Elevation of Privilege Vulnerability in Telephony CVE-2016-2423 Moderate
Denial of Service Vulnerability in SyncStorageEngine CVE-2016-2424 Moderate
Information Disclosure Vulnerability in AOSP Mail CVE-2016-2425 Moderate
Information Disclosure Vulnerability in Framework CVE-2016-2426 Moderate
Information Disclosure Vulnerability in BouncyCastle CVE-2016-2427 Moderate

For Nexus owners, there are new factory images available which you can flash to your device – though the Pixel C does not appear to have an image available as yet. The build details for the new images are :

  • LMY49J – Nexus 10
  • Nexus 6P and 5X – MHC19Q
  • Nexus 6, 5, 9 LTE, and (2013) 7 Mobile – MMB29X
  • Nexus Player, 9 Wi-Fi, and (2013) 7 Wi-Fi – MOB30D

If you would prefer though, the OTA updates for the April Security updates should roll out to the Nexus devices quite quickly.

 
Source: Android Security Bulletin, and Nexus Factory Images.

Daniel Tyson   Editor

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

Be the First to Comment!

avatar
wpDiscuz

Check Also

Check for update button is no longer a Placebo in Android

The frustration of Google’s long, slow trollout for updates is almost palpable after a new …