Google has officially released the security patch for the month of May. It will roll out first to Nexus devices and then to other smartphones as more manufacturers get their hands on the new update and build it for their handsets.
In addition to the usual security fixes and bug patches, Google announced that it is renaming its bulletin board to the Android Security Board, to better suit the fact that these updates roll out not only to Nexus phones and tablets but to Android devices in general, regardless of whether the issues fixed in the builds affect a Nexus or not.
In total, 24 issues have been fixed in the latest security patch, with the most severe being one that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
Here’s the full list of bugs fixed and security flaws patched listed on this month’s bulletin board:

| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2016-2428 | | |
| Elevation of Privilege Vulnerability in Debuggerd | CVE-2016-2430 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm TrustZone | CVE-2016-2431 | | |
| Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver | CVE-2015-0569 | | |
| Elevation of Privilege Vulnerability in NVIDIA Video Driver | CVE-2016-2434 | | |
| Elevation of Privilege Vulnerability in Kernel | CVE-2015-1805 | Critical | Yes |
| Remote Code Execution Vulnerability in Kernel | CVE-2016-2438 | High | Yes |
| Information Disclosure Vulnerability in Qualcomm Tethering Controller | CVE-2016-2060 | High | No |
| Remote Code Execution in Bluetooth | CVE-2016-2439 | High | Yes |
| Elevation of Privilege in Binder | CVE-2016-2440 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Buspm Driver | CVE-2016-2441 | | |
| Elevation of Privilege Vulnerability in Qualcomm MDP Driver | CVE-2016-2443 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver | CVE-2015-0571 | High | Yes |
| Elevation of Privilege Vulnerability in NVIDIA Video Driver | CVE-2016-2444 | | |
| Elevation of Privilege in Wi-Fi | CVE-2016-2447 | High | Yes |
| Elevation of Privilege Vulnerability in Mediaserver | CVE-2016-2448 | | |
| Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver | CVE-2016-2453 | High | Yes |
| Remote Denial of Service Vulnerability in Qualcomm Hardware Codec | CVE-2016-2454 | High | Yes |
| Elevation of Privilege in Conscrypt | CVE-2016-2461 | | |
| Elevation of Privilege Vulnerability in OpenSSL & BoringSSL | CVE-2016-0705 | Moderate | Yes |
| Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver | CVE-2016-2456 | Moderate | Yes |
| Elevation of Privilege in Wi-Fi | CVE-2016-2457 | Moderate | Yes |
| Information Disclosure Vulnerability in AOSP Mail | CVE-2016-2458 | Moderate | Yes |
| Information Disclosure Vulnerability in Mediaserver | CVE-2016-2459 | | |
| Denial of Service Vulnerability in Kernel | CVE-2016-0774 | Low | Yes |

To get this new update on your device right now, you must have a Nexus device and a) wait for the patch to reach you via OTA or b) flash it manually using one of the factory images below. I must warn you that this will erase all data on your phone/tablet, so be sure to make a backup first of anything important.
- Pixel C
- Nexus 6P
- Nexus 5X
- Nexus 6
- Nexus Player
- Nexus 9 (LTE)
- Nexus 9 (Wi-Fi)
- Nexus 5
- Nexus 7 2013 (Wi-Fi)
- Nexus 7 2013 (Mobile)
Google has provided users with a guide on how to flash the image to your device. As I don’t currently have one personally, I thought I’d add Google’s to this report for reference.
To flash a device using one of the system images below (or one of your own), you need the latest `fastboot` tool. You can get it from one of the sources below.
- From a compiled version of the Android Open Source Project.
- From the `platform-tools/` directory in the Android SDK. Be sure that you have the latest version of the Android SDK Platform-tools from the SDK Manager.

Once you have the `fastboot` tool, add it to your `PATH` environment variable (the `flash-all` script below must be able to find it). Also be certain that you’ve set up USB access for your device, as described in the Using Hardware Devices guide.
Caution: Flashing a new system image deletes all user data. Be certain to first back up any personal data such as photos.
To flash a system image:
- Download the appropriate system image for your device below, then unzip it to a safe directory.
- Connect your device to your computer over USB.
- Start the device in fastboot mode with one of the following methods:
  - Using the adb tool: With the device powered on, execute: `adb reboot bootloader`
  - Using a key combo: Turn the device off, then turn it on and immediately hold down the relevant key combination for your device. For example, to put a Nexus 5 (“hammerhead”) into fastboot mode, press and hold Volume Up + Volume Down + Power as the device begins booting up.
- If necessary, unlock the device’s bootloader by running: `fastboot flashing unlock` or, for older devices, running: `fastboot oem unlock`. The target device will show you a confirmation screen. (This erases all data on the target device.)
- Open a terminal and navigate to the unzipped system image directory.
- Execute the `flash-all` script. This script installs the necessary bootloader, baseband firmware(s), and operating system.

Once the script finishes, your device reboots. You should now lock the bootloader for security:
- Start the device in fastboot mode again, as described above.
- Execute: `fastboot flashing lock` or, for older devices, running: `fastboot oem lock`

Locking bootloader will wipe the data on some devices. After locking the bootloader, if you want to flash the device again, you must run `fastboot oem unlock` again, which will wipe the data.
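
Preflight checks for the procedure above, as an added example that is not Google's script or part of the original guide: it verifies that `fastboot` resolves through `PATH`, that the unzipped image directory holds the flash-all script and is not writable by group or others, and asks for an explicit confirmation of the data wipe. The file name `flash-all.sh` and the function names `preflight` and `confirm_wipe` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight checks to run before flash-all (not Google's script).
# Assumption: the unzipped image directory contains a script named flash-all.sh.

# preflight DIR: prints each problem found; returns 0 only if none were found.
preflight() {
    dir=$1
    rc=0

    # flash-all invokes fastboot by name, so it must resolve through PATH.
    if ! command -v fastboot >/dev/null 2>&1; then
        echo "FAIL: fastboot not found on PATH"
        rc=1
    fi

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory (unzip the system image first)"
        return 1
    fi

    if [ ! -f "$dir/flash-all.sh" ]; then
        echo "FAIL: $dir/flash-all.sh is missing"
        rc=1
    fi

    # "Safe directory": if group or others can write here, another local
    # account could replace an image between unzip and flash.
    perms=$(ls -ld "$dir" | cut -c1-10)
    case $perms in
        ?????w*|????????w*)
            echo "FAIL: $dir is group- or world-writable ($perms)"
            rc=1 ;;
    esac

    return $rc
}

# confirm_wipe: unlocking and flashing erase user data, so require a typed "yes".
confirm_wipe() {
    printf 'This erases all user data. Type "yes" to continue: ' >&2
    read -r answer || return 1
    [ "$answer" = "yes" ]
}
```

Run `preflight /path/to/unzipped-image && confirm_wipe` before executing the flash-all script, and lock the bootloader again once the device has rebooted.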
Have you received May’s security patch yet on your Nexus device? Let us know in the comments!