Google has released yet another security patch for Android devices, with this one being specific for the month of April. It includes a number of bug and security fixes ranging from moderate to high in severity while also being more speedy and efficient than last month’s patch. A full list of the bugs and security flaws fixed can be found below. It can also be found on Google’s Nexus Security Bulletin.
|Remote Code Execution Vulnerability in DHCPCD||CVE-2016-1503
|Remote Code Execution Vulnerability in Media Codec||CVE-2016-0834||Critical|
|Remote Code Execution Vulnerability in Mediaserver||CVE-2016-0835
|Remote Code Execution Vulnerability in libstagefright||CVE-2016-0842||Critical|
|Elevation of Privilege Vulnerability in Kernel||CVE-2015-1805||Critical|
|Elevation of Privilege Vulnerability in Qualcomm
|Elevation of Privilege Vulnerability in Qualcomm RF Component||CVE-2016-0844||Critical|
|Elevation of Privilege Vulnerability in Kernel||CVE-2014-9322||Critical|
|Elevation of Privilege Vulnerability in IMemory Native Interface||CVE-2016-0846||High|
|Elevation of Privilege Vulnerability in Telecom Component||CVE-2016-0847||High|
|Elevation of Privilege Vulnerability in Download Manager||CVE-2016-0848||High|
|Elevation of Privilege Vulnerability in Recovery Procedure||CVE-2016-0849||High|
|Elevation of Privilege Vulnerability in Bluetooth||CVE-2016-0850||High|
|Elevation of Privilege Vulnerability in Texas Instruments Haptic Driver||CVE-2016-2409||High|
|Elevation of Privilege Vulnerability in a Video Kernel Driver||CVE-2016-2410||High|
|Elevation of Privilege Vulnerability in Qualcomm
Power Management Component
|Elevation of Privilege Vulnerability in System_server||CVE-2016-2412||High|
|Elevation of Privilege Vulnerability in Mediaserver||CVE-2016-2413||High|
|Denial of Service Vulnerability in Minikin||CVE-2016-2414||High|
|Information Disclosure Vulnerability in Exchange ActiveSync||CVE-2016-2415||High|
|Information Disclosure Vulnerability in Mediaserver||CVE-2016-2416
|Elevation of Privilege Vulnerability in Debuggerd Component||CVE-2016-2420||Moderate|
|Elevation of Privilege Vulnerability in Setup Wizard||CVE-2016-2421||Moderate|
|Elevation of Privilege Vulnerability in Wi-Fi||CVE-2016-2422||Moderate|
|Elevation of Privilege Vulnerability in Telephony||CVE-2016-2423||Moderate|
|Denial of Service Vulnerability in SyncStorageEngine||CVE-2016-2424||Moderate|
|Information Disclosure Vulnerability in AOSP Mail||CVE-2016-2425||Moderate|
|Information Disclosure Vulnerability in Framework||CVE-2016-2426||Moderate|
|Information Disclosure Vulnerability in BouncyCastle||CVE-2016-2427||Moderate|
As you can see, many of the fixes are either marked critical or high in severity, meaning users were pretty vulnerable to hacks and crashes during last month until now. Of course users who own say a Samsung Galaxy device or HTC phone won’t see the patch arrive to their device until the appropriate companies get the update approved by carriers and begin pushing it out later this month, however let’s just hope they don’t take very long to roll out the upgrade since these devices running March’s security patch are so high at risk.
It’s unclear at this point just how much speedier this update can make your device, as last month users were reporting that by installing the March security patch on their Nexus 5X, they made their devices faster. This was very welcome as the 5X isn’t really known for being speedy.
If you own a Nexus device, however, expect the security patch to hit your device very soon. But if you’re like me and are impatient, you can download the factory image for your device from the links below:
- Nexus 6P
- Nexus 5X
- Nexus 6
- Nexus Player
- Nexus 9 (LTE)
- Nexus 9 (Wi-Fi)
- Nexus 5
- Nexus 7 2013 (Wi-Fi)
- Nexus 7 2013 (Mobile)
- Nexus 10
Google has provided users with a guide on how to flash the image to your device. As I don’t currently have one personally, I thought I’d add Google’s to this report for reference.
To flash a device using one of the system images below (or one of your own), you need the latest
fastboottool. You can get it from one of the sources below.
- From a compiled version of the Android Open Source Project.
- From the
platform-tools/directory in the Android SDK. Be sure that you have the latest version of the Android SDK Platform-tools from the SDK Manager.
Once you have the
fastboottool, add it to your
PATHenvironment variable (the
flash-allscript below must be able to find it). Also be certain that you’ve set up USB access for your device, as described in the Using Hardware Devicesguide.
Caution: Flashing a new system image deletes all user data. Be certain to first backup any personal data such as photos.
To flash a system image:
- Download the appropriate system image for your device below, then unzip it to a safe directory.
- Connect your device to your computer over USB.
- Start the device in fastboot mode with one of the following methods:
- Using the adb tool: With the device powered on, execute:adb reboot bootloader
- Using a key combo: Turn the device off, then turn it on and immediately hold down the relevant key combination for your device. For example, to put a Nexus 5 (“hammerhead”) into fastboot mode, press and hold Volume Up + Volume Down + Power as the device begins booting up.
- If necessary, unlock the device’s bootloader by running:fastboot flashing unlock
or, for older devices, running:fastboot oem unlock
The target device will show you a confirmation screen. (This erases all data on the target device.)
- Open a terminal and navigate to the unzipped system image directory.
- Execute the
flash-allscript. This script installs the necessary bootloader, baseband firmware(s), and operating system.
Once the script finishes, your device reboots. You should now lock the bootloader for security:
- Start the device in fastboot mode again, as described above.
- Execute:fastboot flashing lock
or, for older devices, running:fastboot oem lock
Locking bootloader will wipe the data on some devices. After locking the bootloader, if you want to flash the device again, you must run
fastboot oem unlockagain, which will wipe the data.
Have you received April’s security patch yet on your Nexus device? Let us know in the comments!
You must log in to post a comment.