April 2016 Security Patch for Android Now Out for Nexus Devices – Download Factory Images Here

android-6-0-marshmallow1

Google has released yet another security patch for Android devices, with this one being specific for the month of April. It includes a number of bug and security fixes ranging from moderate to high in severity while also being more speedy and efficient than last month’s patch. A full list of the bugs and security flaws fixed can be found below. It can also be found on Google’s Nexus Security Bulletin.

Issue CVE Severity
Remote Code Execution Vulnerability in DHCPCD CVE-2016-1503
CVE-2014-6060
Critical
Remote Code Execution Vulnerability in Media Codec CVE-2016-0834 Critical
Remote Code Execution Vulnerability in Mediaserver CVE-2016-0835
CVE-2016-0836
CVE-2016-0837
CVE-2016-0838
CVE-2016-0839
CVE-2016-0840
CVE-2016-0841
Critical
Remote Code Execution Vulnerability in libstagefright CVE-2016-0842 Critical
Elevation of Privilege Vulnerability in Kernel CVE-2015-1805 Critical
Elevation of Privilege Vulnerability in Qualcomm
Performance Module
CVE-2016-0843 Critical
Elevation of Privilege Vulnerability in Qualcomm RF Component CVE-2016-0844 Critical
Elevation of Privilege Vulnerability in Kernel CVE-2014-9322 Critical
Elevation of Privilege Vulnerability in IMemory Native Interface CVE-2016-0846 High
Elevation of Privilege Vulnerability in Telecom Component CVE-2016-0847 High
Elevation of Privilege Vulnerability in Download Manager CVE-2016-0848 High
Elevation of Privilege Vulnerability in Recovery Procedure CVE-2016-0849 High
Elevation of Privilege Vulnerability in Bluetooth CVE-2016-0850 High
Elevation of Privilege Vulnerability in Texas Instruments Haptic Driver CVE-2016-2409 High
Elevation of Privilege Vulnerability in a Video Kernel Driver CVE-2016-2410 High
Elevation of Privilege Vulnerability in Qualcomm
Power Management Component
CVE-2016-2411 High
Elevation of Privilege Vulnerability in System_server CVE-2016-2412 High
Elevation of Privilege Vulnerability in Mediaserver CVE-2016-2413 High
Denial of Service Vulnerability in Minikin CVE-2016-2414 High
Information Disclosure Vulnerability in Exchange ActiveSync CVE-2016-2415 High
Information Disclosure Vulnerability in Mediaserver CVE-2016-2416
CVE-2016-2417
CVE-2016-2418
CVE-2016-2419
High
Elevation of Privilege Vulnerability in Debuggerd Component CVE-2016-2420 Moderate
Elevation of Privilege Vulnerability in Setup Wizard CVE-2016-2421 Moderate
Elevation of Privilege Vulnerability in Wi-Fi CVE-2016-2422 Moderate
Elevation of Privilege Vulnerability in Telephony CVE-2016-2423 Moderate
Denial of Service Vulnerability in SyncStorageEngine CVE-2016-2424 Moderate
Information Disclosure Vulnerability in AOSP Mail CVE-2016-2425 Moderate
Information Disclosure Vulnerability in Framework CVE-2016-2426 Moderate
Information Disclosure Vulnerability in BouncyCastle CVE-2016-2427 Moderate

As you can see, many of the fixes are either marked critical or high in severity, meaning users were pretty vulnerable to hacks and crashes during last month until now. Of course users who own say a Samsung Galaxy device or HTC phone won’t see the patch arrive to their device until the appropriate companies get the update approved by carriers and begin pushing it out later this month, however let’s just hope they don’t take very long to roll out the upgrade since these devices running March’s security patch are so high at risk.

It’s unclear at this point just how much speedier this update can make your device, as last month users were reporting that by installing the March security patch on their Nexus 5X, they made their devices faster. This was very welcome as the 5X isn’t really known for being speedy.

If you own a Nexus device, however, expect the security patch to hit your device very soon. But if you’re like me and are impatient, you can download the factory image for your device from the links below:

Google has provided users with a guide on how to flash the image to your device. As I don’t currently have one personally, I thought I’d add Google’s to this report for reference.

Flashing Instructions

To flash a device using one of the system images below (or one of your own), you need the latest fastboot tool. You can get it from one of the sources below.

Once you have the fastboot tool, add it to your PATH environment variable (the flash-all script below must be able to find it). Also be certain that you’ve set up USB access for your device, as described in the Using Hardware Devicesguide.

Caution: Flashing a new system image deletes all user data. Be certain to first backup any personal data such as photos.

To flash a system image:

  1. Download the appropriate system image for your device below, then unzip it to a safe directory.
  2. Connect your device to your computer over USB.
  3. Start the device in fastboot mode with one of the following methods:
    • Using the adb tool: With the device powered on, execute:
      adb reboot bootloader
    • Using a key combo: Turn the device off, then turn it on and immediately hold down the relevant key combination for your device. For example, to put a Nexus 5 (“hammerhead”) into fastboot mode, press and hold Volume Up + Volume Down + Power as the device begins booting up.
  4. If necessary, unlock the device’s bootloader by running:
    fastboot flashing unlock

    or, for older devices, running:

    fastboot oem unlock

    The target device will show you a confirmation screen. (This erases all data on the target device.)

  5. Open a terminal and navigate to the unzipped system image directory.
  6. Execute the flash-all script. This script installs the necessary bootloader, baseband firmware(s), and operating system.

Once the script finishes, your device reboots. You should now lock the bootloader for security:

  1. Start the device in fastboot mode again, as described above.
  2. Execute:
    fastboot flashing lock

    or, for older devices, running:

    fastboot oem lock

Locking bootloader will wipe the data on some devices. After locking the bootloader, if you want to flash the device again, you must run fastboot oem unlock again, which will wipe the data.

Have you received April’s security patch yet on your Nexus device? Let us know in the comments!




There are no comments

Add yours

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: