+ Wednesday November 20th, 2019

Nexus Logo
It’s June, so as we’ve seen every month since Google announced they would be announcing monthly security vulnerabilities and releasing patches for them, Google has released their monthly security blog, as well as updated the factory images for supported Nexus devices and also added OTA files for them as well.

The factory images can be flashed onto your device, but you may want to check out the OTA updates which are probably a bit easier and integrate with your phone or tablet a little easier. The Nexus Player, Nexus 5, Nexus 6, Nexus 7 (Wi-Fi & GSM) and Nexus 9 (Wi-Fi & LTE) all are on build MOB30M, while the Nexus 5X and 6P are on MTC19V. The Pixel C stands alone with build number MXC89H.

The list of vulnerabilities this month include 21 issues with sub-issues listed by their Common Vulnerability and Exposures ID (CVE), in all there are six critical, eleven high and four moderate issues to report this month. Google has laid them out in a nice table in their security blog, or you can see them here:

IssueCVESeverityAffects Nexus?
Remote Code Execution Vulnerability in MediaserverCVE-2016-2463CriticalYes
Remote Code Execution Vulnerabilities in libwebmCVE-2016-2464CriticalYes
Elevation of Privilege Vulnerability in Qualcomm Video DriverCVE-2016-2465CriticalYes
Elevation of Privilege Vulnerability in Qualcomm Sound DriverCVE-2016-2466
CVE-2016-2467
CriticalYes
Elevation of Privilege Vulnerability in Qualcomm GPU DriverCVE-2016-2468
CVE-2016-2062
CriticalYes
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi DriverCVE-2016-2474CriticalYes
Elevation of Privilege Vulnerability in Broadcom Wi-Fi DriverCVE-2016-2475HighYes
Elevation of Privilege Vulnerability in Qualcomm Sound DriverCVE-2016-2066
CVE-2016-2469
HighYes
Elevation of Privilege Vulnerability in MediaserverCVE-2016-2476
CVE-2016-2477
CVE-2016-2478
CVE-2016-2479
CVE-2016-2480
CVE-2016-2481
CVE-2016-2482
CVE-2016-2483
CVE-2016-2484
CVE-2016-2485
CVE-2016-2486
CVE-2016-2487
HighYes
Elevation of Privilege Vulnerability in Qualcomm Camera DriverCVE-2016-2061
CVE-2016-2488
HighYes
Elevation of Privilege Vulnerability in Qualcomm Video DriverCVE-2016-2489HighYes
Elevation of Privilege Vulnerability in NVIDIA Camera DriverCVE-2016-2490
CVE-2016-2491
HighYes
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi DriverCVE-2016-2470
CVE-2016-2471
CVE-2016-2472
CVE-2016-2473
HighYes
Elevation of Privilege Vulnerability in MediaTek Power Management DriverCVE-2016-2492HighYes
Elevation of Privilege Vulnerability in SD Card Emulation LayerCVE-2016-2494HighYes
Elevation of Privilege Vulnerability in Broadcom Wi-Fi DriverCVE-2016-2493HighYes
Remote Denial of Service Vulnerability in MediaserverCVE-2016-2495HighYes
Elevation of Privilege Vulnerability in Framework UICVE-2016-2496ModerateYes
Information Disclosure Vulnerability in Qualcomm Wi-Fi DriverCVE-2016-2498ModerateYes
Information Disclosure Vulnerability in MediaserverCVE-2016-2499ModerateYes
Information Disclosure Vulnerability in Activity ManagerCVE-2016-2500ModerateYes

You can get the OTA files or Factory images from the Nexus developer page, but remember you’ll have to accept the terms and conditions for use before you can jump in there.

Source: Nexus Security Bulletin, Nexus OTA, and Nexus Factory Images.

Daniel Tyson  

Daniel Tyson

Daniel is a former editor of Ausdroid, and left in February 2019.

newest oldest most voted
Notify of
AppleDeFekTor
Guest
AppleDeFekTor

Just downloaded june security update S7 on Vodafone, previously was February came installed on it

Matt
Ausdroid Reader
Matt

I still haven’t installed the last one. Yup.. left that notification sitting there for the last ~ 3 weeks now.

craigo
Guest

Looking forward to Android N no longer needing to check each app after the security update. With over 100 apps on my phone, it renders my phone unusable for almost an hour.

Anthony Maniatopoulos
Ausdroid Reader

You know what’s funny, for the first time my Vodafone s7 edge had this Android security update since Saturday, 3 days before the nexus. Didn’t think it was possible.

Michael C
Guest
Michael C

It was probably a previous month update.

Brinly Taylor
Ausdroid Reader

It’s possible, partners get Android security patches early 🙂

I know. I work for a Android oem :P, no ama sorry.

Check Also

New NBA immersive streaming app launches in Australia

The NBA is huge at the moment with its popularity at all time record levels, …