Google has today announced the latest security updates via their Nexus Security Bulletin site, as is the case once the vulnerabilities and patches have been announced, Google has also released updated factory images for supported Nexus devices.
The updates, in the form of flashable factory images are now available for the Nexus 5(MMB29S) and 5X(MMB29P), Nexus 6(MMB29S) and 6P(MMB29P) as well as the Nexus 7 (2013) (MMB29O) and Nexus 9(MMB29S) tablets and the Nexus Player(MMB29T) on the Android Developers page, with OTA updates due to start being pushed to devices soon.
Google has listed all the vulnerabilities, as well as detailed explanations on the Security Bulletin site, but as a summary have listed a table with the Issue, CVE identifier and the severity of the alert, with five critical, two high and five moderate alerts to report this month.
| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2015-6636 | Critical |
| Elevation of Privilege Vulnerability in misc-sd driver | CVE-2015-6637 | Critical |
| Elevation of Privilege Vulnerability in the Imagination Technologies driver | CVE-2015-6638 | Critical |
| Elevation of Privilege Vulnerabilities in Trustzone | CVE-2015-6639 | Critical |
| Elevation of Privilege Vulnerability in Kernel | CVE-2015-6640 | Critical |
| Elevation of Privilege Vulnerability in Bluetooth | CVE-2015-6641 | High |
| Information Disclosure Vulnerability in Kernel | CVE-2015-6642 | High |
| Elevation of Privilege Vulnerability in Setup Wizard | CVE-2015-6643 | Moderate |
| Elevation of Privilege Vulnerability in Wi-Fi | CVE-2015-5310 | Moderate |
| Information Disclosure Vulnerability in Bouncy Castle | CVE-2015-6644 | Moderate |
| Denial of Service Vulnerability in SyncManager | CVE-2015-6645 | Moderate |
| Attack Surface Reduction for Nexus Kernels | CVE-2015-6646 | Moderate |
All the updates are ready to flash if you wish, or if you’re patient, you can find an OTA update heading to your device soon.
I never got the latest 6P update and haven’t unlocked my bootloader – forgot – so I couldn’t easily flash it. Something to do with the fact that I am on the Telstra OTA at the moment I’m sure.
Wonder if I’ll get this one via OTA..
yeah i havent got 6.0.1 yet, feels like telstra are blocking it i reckon its been too long for the delay to be part of the normal roll out. I’ve popped my uneeded optus sim in to see if that makes a difference
Did that work?
nope :