Google’s Now Rolling Out the June Security Patch – Download It Here

android-6-0-marshmallow-reveal-official

Google has begun to roll out the June 2016 security patch to Nexus devices around the world. This new update contains 21 fixes for bugs found by internal security teams and other independent researchers. Download links can be found below…

Here’s a full list of all the bugs and security vulnerabilities fixed in the latest patch found on Google’s official June security bulletin board:

Issue

CVE

Severity

Affects Nexus?

Remote Code Execution Vulnerability in Mediaserver

CVE-2016-2463

Critical

Yes

Remote Code Execution Vulnerabilities in libwebm

CVE-2016-2464

Critical

Yes

Elevation of Privilege Vulnerability in Qualcomm Video Driver

CVE-2016-2465

Critical

Yes

Elevation of Privilege Vulnerability in Qualcomm Sound Driver

CVE-2016-2466

CVE-2016-2467

Critical

Yes

Elevation of Privilege Vulnerability in Qualcomm GPU Driver

CVE-2016-2468

CVE-2016-2062

Critical

Yes

Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver

CVE-2016-2474

Critical

Yes

Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver

CVE-2016-2475

High

Yes

Elevation of Privilege Vulnerability in Qualcomm Sound Driver

CVE-2016-2066

CVE-2016-2469

High

Yes

Elevation of Privilege Vulnerability in Mediaserver

CVE-2016-2476

CVE-2016-2477

CVE-2016-2478

CVE-2016-2479

CVE-2016-2480

CVE-2016-2481

CVE-2016-2482

CVE-2016-2483

CVE-2016-2484

CVE-2016-2485

CVE-2016-2486

CVE-2016-2487

High

Yes

Elevation of Privilege Vulnerability in Qualcomm Camera Driver

CVE-2016-2061

CVE-2016-2488

High

Yes

Elevation of Privilege Vulnerability in Qualcomm Video Driver

CVE-2016-2489

High

Yes

Elevation of Privilege Vulnerability in NVIDIA Camera Driver

CVE-2016-2490

CVE-2016-2491

High

Yes

Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver

CVE-2016-2470

CVE-2016-2471

CVE-2016-2472

CVE-2016-2473

High

Yes

Elevation of Privilege Vulnerability in MediaTek Power Management Driver

CVE-2016-2492

High

Yes

Elevation of Privilege Vulnerability in SD Card Emulation Layer

CVE-2016-2494

High

Yes

Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver

CVE-2016-2493

High

Yes

Remote Denial of Service Vulnerability in Mediaserver

CVE-2016-2495

High

Yes

Elevation of Privilege Vulnerability in Framework UI

CVE-2016-2496

Moderate

Yes

Information Disclosure Vulnerability in Qualcomm Wi-Fi Driver

CVE-2016-2498

Moderate

Yes

Information Disclosure Vulnerability in Mediaserver

CVE-2016-2499

Moderate

Yes

Information Disclosure Vulnerability in Activity Manager

CVE-2016-2500

Moderate

Yes

As you can see, the most severe vulnerability (which, coincidentally, no users have reported on) is one which could allow someone to execute a line of code on your device while browsing or using email or MMS.

Oddly enough, this isn’t the first appearance of the June security patch. Just a week ago, Samsung began rolling out the update to their Galaxy S7 Edge smartphone. This is a rare occurrence as Sammy’s usually one of the last manufacturers to push out updates of any kind concerning Android-based ones. Nonetheless, it looks like this month Nexus is second in line rather the normal first in line position.

Here’s a full list of links which direct you to a download of the official factory images for the June security patch according to your type of device:

Google has provided users with a guide on how to flash the image to your device. As we don’t currently have one, I thought I’d add Google’s to this report for reference.

Flashing Instructions

To flash a device using one of the system images below (or one of your own), you need the latest fastboot tool. You can get it from one of the sources below.

Once you have the fastboot tool, add it to your PATH environment variable (the flash-all script below must be able to find it). Also be certain that you’ve set up USB access for your device, as described in the Using Hardware Devicesguide.

Caution: Flashing a new system image deletes all user data. Be certain to first backup any personal data such as photos.

To flash a system image:

  1. Download the appropriate system image for your device below, then unzip it to a safe directory.
  2. Connect your device to your computer over USB.
  3. Start the device in fastboot mode with one of the following methods:
    • Using the adb tool: With the device powered on, execute: adb reboot bootloader
    • Using a key combo: Turn the device off, then turn it on and immediately hold down the relevant key combination for your device. For example, to put a Nexus 5 (“hammerhead”) into fastboot mode, press and hold Volume Up + Volume Down + Power as the device begins booting up.
  4. If necessary, unlock the device’s bootloader by running: fastboot flashing unlock
    or, for older devices, running:
    fastboot oem unlock
    The target device will show you a confirmation screen. (This erases all data on the target device.)
  5. Open a terminal and navigate to the unzipped system image directory.
  6. Execute the flash-all script. This script installs the necessary bootloader, baseband firmware(s), and operating system.

Once the script finishes, your device reboots. You should now lock the bootloader for security:

  1. Start the device in fastboot mode again, as described above.
  2. Execute: fastboot flashing lock
    or, for older devices, running:
    fastboot oem lock

Locking bootloader will wipe the data on some devices. After locking the bootloader, if you want to flash the device again, you must run fastboot oem unlock again, which will wipe the data.

Have you received June’s security patch yet on your Nexus device? Let us know in the comments!


Source: 9to5Google




There are no comments

Add yours

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: