, and

Nexus Logo
Google has released new factory images for their current range of Nexus devices on their developers site. As promised last week by Hiroshi Lockheimer, the current head of Chrome, Android and Chromecast at Google, the update includes the new emoji we’ve been waiting for, as well as the latest updates to address Common Vulnerability and Exposures (CVEs).

The current range of Nexus devices includes the Nexus 5, Nexus 6, Nexus 7 (2013), Nexus 9, Nexus Player – as well as the newest Nexus phones, the Nexus 5X and Nexus 6P, all of which have a new factory image waiting to be downloaded and flashed. And yes, before you ask, even the LTE versions of the Nexus 7 (2013) and Nexus 9 have new images available. Most devices are getting build MMB29K but if you check the Nexus Player and Nexus 6P, they get a MMB29M build.

The update also includes the latest round of security patches for December. On their Google Group, Google points users to the Security Bulletin update page, which has a complete listing of all 16 CVEs that are addressed and advises that they will begin rolling out over-the-air (OTA) updates with the patches starting today. If that’s too long – as above you can get the new system image. CVEs addressed include:

Issue CVE Severity
Remote Code Execution Vulnerability in Mediaserver CVE-2015-6616 Critical
Remote Code Execution Vulnerability in Skia CVE-2015-6617 Critical
Elevation of Privilege in Kernel CVE-2015-6619 Critical
Remote Code Execution Vulnerabilities in Display Driver CVE-2015-6633
CVE-2015-6634
Critical
Remote Code Execution Vulnerability in Bluetooth CVE-2015-6618 High
Elevation of Privilege Vulnerabilities in libstagefright CVE-2015-6620 High
Elevation of Privilege Vulnerability in SystemUI CVE-2015-6621 High
Elevation of Privilege Vulnerability in Native Frameworks Library CVE-2015-6622 High
Elevation of Privilege Vulnerability in Wi-Fi CVE-2015-6623 High
Elevation of Privilege Vulnerability in System Server CVE-2015-6624 High
Information Disclosure Vulnerabilities in libstagefright CVE-2015-6626
CVE-2015-6631
CVE-2015-6632
High
Information Disclosure Vulnerability in Audio CVE-2015-6627 High
Information Disclosure Vulnerability in Media Framework CVE-2015-6628 High
Information Disclosure Vulnerability in Wi-Fi CVE-2015-6629 High
Elevation of Privilege Vulnerability in System Server CVE-2015-6625 Moderate
Information Disclosure Vulnerability in SystemUI CVE-2015-6630 Moderate

The updated factory images are now live on the Google Developers page for those that want to dirty flash the update and check out those new emoji.

Source: Google Security BulletinNexus Factory Images page.
8 Comments
newest
oldest
Inline Feedbacks
View all comments
Matt Coutts

May be silly to ask, but I assume these also incorporate the fix for the Telstra issues on the 6P?

Daniel Tyson

Very likely – haven’t had a chance to check yet.

dazweeja

It’s very confusing regarding the 6p. Is 29M newer or older than 29N? The alphabet says older but the former is 6.0.1 and the latter is 6.0.0. Nice one Google!

Daniel Tyson

From StackOverflow: The first letter is the code name of the release family, e.g. F is Froyo. The second letter is a branch code that allows Google to identify the exact code branch that the build was made from, and R is by convention the primary release branch. The next letter and two digits are a date code. The letter counts quarters, with A being Q1 2009. Therefore, F is Q2 2010. The two digits count days within the quarter, so F85 is June 24 2010. Finally, the last letter identifies individual versions related to the same date code, sequentially… Read more »

dazweeja

That suggests that M and N are from the same date but M is 6.0.1 and N is 6.0.0. I’m a programmer and I’ve never seen versioning where an earlier letter is newer and incorporates changes from a later letter. If the M version includes the changes from the N version, why isn’t it O, P, or a later letter? So either that’s really messed up or the Telstra fixes from the N version are not in the latest 6.0.1 (M) version.

Daniel Tyson

Right. Now I know which build you’re actually referring to.

Hold tight, we’ve asked the question, they may have brought the radio and system file changes into the new build.

Lee

Would be great if you could update this article when you’ve had some feedback re the Telstra issue, please.

Daniel Tyson

Considering they went to the effort of releasing an OTA – I would be very surprised to NOT see the update included. Very hard to verify it is, but I`ll ask when I get a chance.