+ Monday December 9th, 2019

Google-Developers
Google has this morning released the new security updates for Android, addressing the Common Vulnerability and Exposures ID (CVE) in their monthly security report. The CVEs have been patched in AOSP and of course for selected Nexus devices, there’s new images available to flash to your device.

The CVE’s addressed this month include eight issues listed as critical, 13 high and eight moderate issues, for a total of 29 CVEs in their security report, which includes the mid-month update they addressed last month.

IssueCVESeverity
Remote Code Execution Vulnerability in DHCPCDCVE-2016-1503
CVE-2014-6060
Critical
Remote Code Execution Vulnerability in Media CodecCVE-2016-0834Critical
Remote Code Execution Vulnerability in MediaserverCVE-2016-0835
CVE-2016-0836
CVE-2016-0837
CVE-2016-0838
CVE-2016-0839
CVE-2016-0840
CVE-2016-0841
Critical
Remote Code Execution Vulnerability in libstagefrightCVE-2016-0842Critical
Elevation of Privilege Vulnerability in KernelCVE-2015-1805Critical
Elevation of Privilege Vulnerability in Qualcomm
Performance Module
CVE-2016-0843Critical
Elevation of Privilege Vulnerability in Qualcomm RF ComponentCVE-2016-0844Critical
Elevation of Privilege Vulnerability in KernelCVE-2014-9322Critical
Elevation of Privilege Vulnerability in IMemory Native InterfaceCVE-2016-0846High
Elevation of Privilege Vulnerability in Telecom ComponentCVE-2016-0847High
Elevation of Privilege Vulnerability in Download ManagerCVE-2016-0848High
Elevation of Privilege Vulnerability in Recovery ProcedureCVE-2016-0849High
Elevation of Privilege Vulnerability in BluetoothCVE-2016-0850High
Elevation of Privilege Vulnerability in Texas Instruments Haptic DriverCVE-2016-2409High
Elevation of Privilege Vulnerability in a Video Kernel DriverCVE-2016-2410High
Elevation of Privilege Vulnerability in Qualcomm
Power Management Component
CVE-2016-2411High
Elevation of Privilege Vulnerability in System_serverCVE-2016-2412High
Elevation of Privilege Vulnerability in MediaserverCVE-2016-2413High
Denial of Service Vulnerability in MinikinCVE-2016-2414High
Information Disclosure Vulnerability in Exchange ActiveSyncCVE-2016-2415High
Information Disclosure Vulnerability in MediaserverCVE-2016-2416
CVE-2016-2417
CVE-2016-2418
CVE-2016-2419
High
Elevation of Privilege Vulnerability in Debuggerd ComponentCVE-2016-2420Moderate
Elevation of Privilege Vulnerability in Setup WizardCVE-2016-2421Moderate
Elevation of Privilege Vulnerability in Wi-FiCVE-2016-2422Moderate
Elevation of Privilege Vulnerability in TelephonyCVE-2016-2423Moderate
Denial of Service Vulnerability in SyncStorageEngineCVE-2016-2424Moderate
Information Disclosure Vulnerability in AOSP MailCVE-2016-2425Moderate
Information Disclosure Vulnerability in FrameworkCVE-2016-2426Moderate
Information Disclosure Vulnerability in BouncyCastleCVE-2016-2427Moderate

For Nexus owners, there are new factory images available which you can flash to your device – though the Pixel C does not appear to have an image available as yet. The build details for the new images are :

  • LMY49J – Nexus 10
  • Nexus 6P and 5X – MHC19Q
  • Nexus 6, 5, 9 LTE, and (2013) 7 Mobile – MMB29X
  • Nexus Player, 9 Wi-Fi, and (2013) 7 Wi-Fi – MOB30D

If you would prefer though, the OTA updates for the April Security updates should roll out to the Nexus devices quite quickly.

Source: Android Security Bulletin, and Nexus Factory Images.

Daniel Tyson  

Daniel Tyson

Daniel is a former editor of Ausdroid, and left in February 2019.

Check Also

December update for Pixel 3 and 3a devices is causing the Pixel Launcher to crash

Yesterday Google released the latest security update for its Pixel devices and it seems that …