Google has released new factory images for their current range of Nexus devices on their developers site. As promised last week by Hiroshi Lockheimer, the current head of Chrome, Android and Chromecast at Google, the update includes the new emoji we’ve been waiting for, as well as the latest updates to address Common Vulnerability and Exposures (CVEs).
The current range of Nexus devices includes the Nexus 5, Nexus 6, Nexus 7 (2013), Nexus 9, Nexus Player – as well as the newest Nexus phones, the Nexus 5X and Nexus 6P, all of which have a new factory image waiting to be downloaded and flashed. And yes, before you ask, even the LTE versions of the Nexus 7 (2013) and Nexus 9 have new images available. Most devices are getting build MMB29K but if you check the Nexus Player and Nexus 6P, they get a MMB29M build.
The update also includes the latest round of security patches for December. On their Google Group, Google points users to the Security Bulletin update page, which has a complete listing of all 16 CVEs that are addressed and advises that they will begin rolling out over-the-air (OTA) updates with the patches starting today. If that’s too long – as above you can get the new system image. CVEs addressed include:
| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2015-6616 | Critical |
| Remote Code Execution Vulnerability in Skia | CVE-2015-6617 | Critical |
| Elevation of Privilege in Kernel | CVE-2015-6619 | Critical |
| Remote Code Execution Vulnerabilities in Display Driver | CVE-2015-6633 CVE-2015-6634 |
Critical |
| Remote Code Execution Vulnerability in Bluetooth | CVE-2015-6618 | High |
| Elevation of Privilege Vulnerabilities in libstagefright | CVE-2015-6620 | High |
| Elevation of Privilege Vulnerability in SystemUI | CVE-2015-6621 | High |
| Elevation of Privilege Vulnerability in Native Frameworks Library | CVE-2015-6622 | High |
| Elevation of Privilege Vulnerability in Wi-Fi | CVE-2015-6623 | High |
| Elevation of Privilege Vulnerability in System Server | CVE-2015-6624 | High |
| Information Disclosure Vulnerabilities in libstagefright | CVE-2015-6626 CVE-2015-6631 CVE-2015-6632 |
High |
| Information Disclosure Vulnerability in Audio | CVE-2015-6627 | High |
| Information Disclosure Vulnerability in Media Framework | CVE-2015-6628 | High |
| Information Disclosure Vulnerability in Wi-Fi | CVE-2015-6629 | High |
| Elevation of Privilege Vulnerability in System Server | CVE-2015-6625 | Moderate |
| Information Disclosure Vulnerability in SystemUI | CVE-2015-6630 | Moderate |
The updated factory images are now live on the Google Developers page for those that want to dirty flash the update and check out those new emoji.
May be silly to ask, but I assume these also incorporate the fix for the Telstra issues on the 6P?
Very likely – haven’t had a chance to check yet.
It’s very confusing regarding the 6p. Is 29M newer or older than 29N? The alphabet says older but the former is 6.0.1 and the latter is 6.0.0. Nice one Google!
From StackOverflow: The first letter is the code name of the release family, e.g. F is Froyo. The second letter is a branch code that allows Google to identify the exact code branch that the build was made from, and R is by convention the primary release branch. The next letter and two digits are a date code. The letter counts quarters, with A being Q1 2009. Therefore, F is Q2 2010. The two digits count days within the quarter, so F85 is June 24 2010. Finally, the last letter identifies individual versions related to the same date code, sequentially… Read more ยป
That suggests that M and N are from the same date but M is 6.0.1 and N is 6.0.0. I’m a programmer and I’ve never seen versioning where an earlier letter is newer and incorporates changes from a later letter. If the M version includes the changes from the N version, why isn’t it O, P, or a later letter? So either that’s really messed up or the Telstra fixes from the N version are not in the latest 6.0.1 (M) version.
Right. Now I know which build you’re actually referring to.
Hold tight, we’ve asked the question, they may have brought the radio and system file changes into the new build.
Would be great if you could update this article when you’ve had some feedback re the Telstra issue, please.
Considering they went to the effort of releasing an OTA – I would be very surprised to NOT see the update included. Very hard to verify it is, but I`ll ask when I get a chance.