Google’s May Security Patch is Rolling Out – Download Factory Images for Nexus Devices Here

android-6-marshmallow-4

Google has officially released the security patch for the month of May which will be rolling out first to Nexus devices then to other smartphones as more and more manufacturers get their hands on the new update to build it for their handsets.

In addition to the usual security fixes and bug patches, Google announced that they are renaming their bulletin board to the Android Security Board to better suite the fact that these updates not only roll out to Nexus phones and tablets but to Android devices in general regardless of whether issues fixed in the builds affect a Nexus or not.

In total, 24 issues have been fixed in the latest security patch, with the most severe being one that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

Here’s the full list of bugs fixed and security flaws patched listed on this month’s bulletin board:

Issue CVE Severity Affects Nexus?
Remote Code Execution Vulnerability in Mediaserver CVE-2016-2428
CVE-2016-2429
Critical Yes
Elevation of Privilege Vulnerability in Debuggerd CVE-2016-2430 Critical Yes
Elevation of Privilege Vulnerability in Qualcomm TrustZone CVE-2016-2431
CVE-2016-2432
Critical Yes
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver CVE-2015-0569
CVE-2015-0570
Critical Yes
Elevation of Privilege Vulnerability in NVIDIA Video Driver CVE-2016-2434
CVE-2016-2435
CVE-2016-2436
CVE-2016-2437
Critical Yes
Elevation of Privilege Vulnerability in Kernel CVE-2015-1805 Critical Yes
Remote Code Execution Vulnerability in Kernel CVE-2016-2438 High Yes
Information Disclosure Vulnerability in Qualcomm Tethering Controller CVE-2016-2060 High No
Remote Code Execution in Bluetooth CVE-2016-2439 High Yes
Elevation of Privilege in Binder CVE-2016-2440 High Yes
Elevation of Privilege Vulnerability in Qualcomm Buspm Driver CVE-2016-2441
CVE-2016-2442
High Yes
Elevation of Privilege Vulnerability in Qualcomm MDP Driver CVE-2016-2443 High Yes
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver CVE-2015-0571 High Yes
Elevation of Privilege Vulnerability in NVIDIA Video Driver CVE-2016-2444
CVE-2016-2445
CVE-2016-2446
High Yes
Elevation of Privilege in Wi-Fi CVE-2016-2447 High Yes
Elevation of Privilege Vulnerability in Mediaserver CVE-2016-2448
CVE-2016-2449
CVE-2016-2450
CVE-2016-2451
CVE-2016-2452
High Yes
Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver CVE-2016-2453 High Yes
Remote Denial of Service Vulnerability in Qualcomm Hardware Codec CVE-2016-2454 High Yes
Elevation of Privilege in Conscrypt CVE-2016-2461
CVE-2016-2462
Moderate Yes
Elevation of Privilege Vulnerability in OpenSSL & BoringSSL CVE-2016-0705 Moderate Yes
Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver CVE-2016-2456 Moderate Yes
Elevation of Privilege in Wi-Fi CVE-2016-2457 Moderate Yes
Information Disclosure Vulnerability in AOSP Mail CVE-2016-2458 Moderate Yes
Information Disclosure Vulnerability in Mediaserver CVE-2016-2459
CVE-2016-2460
Moderate Yes
Denial of Service Vulnerability in Kernel CVE-2016-0774 Low Yes

To get this new update on your device right now, you must have a Nexus device and a) wait for the patch to reach you via OTA or b) flash it manually using one of the factory images below. I must warn you that this will erase all data on your phone/tablet, so be sure to make a backup first of anything important.

Google has provided users with a guide on how to flash the image to your device. As I don’t currently have one personally, I thought I’d add Google’s to this report for reference.

Flashing Instructions

To flash a device using one of the system images below (or one of your own), you need the latest fastboot tool. You can get it from one of the sources below.

Once you have the fastboot tool, add it to your PATH environment variable (the flash-all script below must be able to find it). Also be certain that you’ve set up USB access for your device, as described in the Using Hardware Devicesguide.

Caution: Flashing a new system image deletes all user data. Be certain to first backup any personal data such as photos.

To flash a system image:

  1. Download the appropriate system image for your device below, then unzip it to a safe directory.
  2. Connect your device to your computer over USB.
  3. Start the device in fastboot mode with one of the following methods:
    • Using the adb tool: With the device powered on, execute:
      adb reboot bootloader
    • Using a key combo: Turn the device off, then turn it on and immediately hold down the relevant key combination for your device. For example, to put a Nexus 5 (“hammerhead”) into fastboot mode, press and hold Volume Up + Volume Down + Power as the device begins booting up.
  4. If necessary, unlock the device’s bootloader by running:
    fastboot flashing unlock

    or, for older devices, running:

    fastboot oem unlock

    The target device will show you a confirmation screen. (This erases all data on the target device.)

  5. Open a terminal and navigate to the unzipped system image directory.
  6. Execute the flash-all script. This script installs the necessary bootloader, baseband firmware(s), and operating system.

Once the script finishes, your device reboots. You should now lock the bootloader for security:

  1. Start the device in fastboot mode again, as described above.
  2. Execute:
    fastboot flashing lock

    or, for older devices, running:

    fastboot oem lock

Locking bootloader will wipe the data on some devices. After locking the bootloader, if you want to flash the device again, you must run fastboot oem unlock again, which will wipe the data.

Have you received May’s security patch yet on your Nexus device? Let us know in the comments!




There are no comments

Add yours

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: