Last month’s Nexus security patch was filled with a balance between performance and security fixes. We’re glad to inform you that this month’s security patch will be filled with fixes all throughout, including a Linux security issue that made Google do a specific patch just for it last month.
On this month’s security bulletin for this patch, Google lists fixes for 29 security bugs found by independent security research teams, as well as Google’s own security teams. The most severe vulnerability is still coming from the Stagefright MMS route, enabling remote code execution when browsing or using email and MMS. Google has noted, though, that there are no reports of customers affected by this issue.
Other fixes deal with vulnerabilities allowing elevation of privilege in Bluetooth, the Download manager, and other areas. There are also fixes for several vulnerabilities that allow malicious apps to access the device owner’s information.
Google has announced that the updates are rolling out OTA, and most of the supported Nexus devices are covered, including the Nexus 6P, Nexus 5X, Nexus 6, Nexus Player, Nexus 9 (LTE), Nexus 9 (Wi-Fi), Nexus 5, Nexus 7 2013 (Wi-Fi), Nexus 7 2013 (Mobile), and the Nexus 10. You can wait for the OTA, which should reach you within the week, or flash the factory images from the official download page.