Google has this morning released the new security updates for Android, addressing the Common Vulnerability and Exposures ID (CVE) in their monthly security report. The CVEs have been patched in AOSP and of course for selected Nexus devices, there’s new images available to flash to your device.
The CVE’s addressed this month include eight issues listed as critical, 13 high and eight moderate issues, for a total of 29 CVEs in their security report, which includes the mid-month update they addressed last month.
| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerability in DHCPCD | CVE-2016-1503 CVE-2014-6060 |
Critical |
| Remote Code Execution Vulnerability in Media Codec | CVE-2016-0834 | Critical |
| Remote Code Execution Vulnerability in Mediaserver | CVE-2016-0835 CVE-2016-0836 CVE-2016-0837 CVE-2016-0838 CVE-2016-0839 CVE-2016-0840 CVE-2016-0841 |
Critical |
| Remote Code Execution Vulnerability in libstagefright | CVE-2016-0842 | Critical |
| Elevation of Privilege Vulnerability in Kernel | CVE-2015-1805 | Critical |
| Elevation of Privilege Vulnerability in Qualcomm Performance Module |
CVE-2016-0843 | Critical |
| Elevation of Privilege Vulnerability in Qualcomm RF Component | CVE-2016-0844 | Critical |
| Elevation of Privilege Vulnerability in Kernel | CVE-2014-9322 | Critical |
| Elevation of Privilege Vulnerability in IMemory Native Interface | CVE-2016-0846 | High |
| Elevation of Privilege Vulnerability in Telecom Component | CVE-2016-0847 | High |
| Elevation of Privilege Vulnerability in Download Manager | CVE-2016-0848 | High |
| Elevation of Privilege Vulnerability in Recovery Procedure | CVE-2016-0849 | High |
| Elevation of Privilege Vulnerability in Bluetooth | CVE-2016-0850 | High |
| Elevation of Privilege Vulnerability in Texas Instruments Haptic Driver | CVE-2016-2409 | High |
| Elevation of Privilege Vulnerability in a Video Kernel Driver | CVE-2016-2410 | High |
| Elevation of Privilege Vulnerability in Qualcomm Power Management Component |
CVE-2016-2411 | High |
| Elevation of Privilege Vulnerability in System_server | CVE-2016-2412 | High |
| Elevation of Privilege Vulnerability in Mediaserver | CVE-2016-2413 | High |
| Denial of Service Vulnerability in Minikin | CVE-2016-2414 | High |
| Information Disclosure Vulnerability in Exchange ActiveSync | CVE-2016-2415 | High |
| Information Disclosure Vulnerability in Mediaserver | CVE-2016-2416 CVE-2016-2417 CVE-2016-2418 CVE-2016-2419 |
High |
| Elevation of Privilege Vulnerability in Debuggerd Component | CVE-2016-2420 | Moderate |
| Elevation of Privilege Vulnerability in Setup Wizard | CVE-2016-2421 | Moderate |
| Elevation of Privilege Vulnerability in Wi-Fi | CVE-2016-2422 | Moderate |
| Elevation of Privilege Vulnerability in Telephony | CVE-2016-2423 | Moderate |
| Denial of Service Vulnerability in SyncStorageEngine | CVE-2016-2424 | Moderate |
| Information Disclosure Vulnerability in AOSP Mail | CVE-2016-2425 | Moderate |
| Information Disclosure Vulnerability in Framework | CVE-2016-2426 | Moderate |
| Information Disclosure Vulnerability in BouncyCastle | CVE-2016-2427 | Moderate |
For Nexus owners, there are new factory images available which you can flash to your device – though the Pixel C does not appear to have an image available as yet. The build details for the new images are :
- LMY49J – Nexus 10
- Nexus 6P and 5X – MHC19Q
- Nexus 6, 5, 9 LTE, and (2013) 7 Mobile – MMB29X
- Nexus Player, 9 Wi-Fi, and (2013) 7 Wi-Fi – MOB30D
If you would prefer though, the OTA updates for the April Security updates should roll out to the Nexus devices quite quickly.
