The security patch that Google committed to release on a monthly basis since the threat of the Stagefright vulnerability came to fore has just recently been renamed to the “Android Security Bulletin” a month ago. Now the June 2016 bulletin is out, and it aims to crush several high-severity bugs present in the Android platform.
The new Security Patch Level date is June 1, 2016, and changes should also reflect onto the Android Open Source Project within 48 hours. This month’s patch fixes 21 security vulnerabilities in all. Google says that the most severe issue is “a critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.” This vulnerability has all the hallmarks of a Stagefright-type bug.
Other critical vulnerabilities include several elevation of privilege flaws in Qualcomm components, such as its video, sound, and Wi-Fi drivers. The bugs are specific to select Nexus devices. Google has been stressing each month that there have been zero reports of any devices actively exploited by these vulnerabilities, and that platform-level security protections and service protections like SafetyNet make the risk of actually being exploited quite low.
The updates should reach your Nexus devices via OTA pretty soon, so we recommend you just wait for it. But if you want to force the update, you can flash the factory images downloadable from the official download site. Just remember that this will wipe your phone clean, and data may be lost.
SOURCE: Google
