As promised to come out each month, Google has begun rolling out the August security patch to Nexus devices worldwide. And just like last month, there’s two different patches rolling out to Android devices, with one labeled 2016-08-01 and the second 2016-08-05, with the latter going to Nexus devices.
According to the August security bulletin, a total of 14 bugs are fixed in the security patch 2016-08-01, while 28 are resolved in 2016-08-05. All but one fix within the latter affect Nexus devices, presumably which is the reason why this patch is going out to this specific set of devices and not the former.
The most critical bug fixed in this month’s security patch is one that could enable remote code execution when browsing or using email and MMS. Google has stated that no user reports about this bug have been filed, however it’s better to be safe than sorry.
Here’s a full list of all the bugs fixed in the patch labeled 2016-08-01.
|Remote code execution vulnerability in Mediaserver||CVE-2016-3819, CVE-2016-3820, CVE-2016-3821||Critical||Yes|
|Remote code execution vulnerability in libjhead||CVE-2016-3822||High||Yes|
|Elevation of privilege vulnerability in Mediaserver||CVE-2016-3823, CVE-2016-3824, CVE-2016-3825, CVE-2016-3826||High||Yes|
|Denial of service vulnerability in Mediaserver||CVE-2016-3827, CVE-2016-3828, CVE-2016-3829, CVE-2016-3830||High||Yes|
|Denial of service vulnerability in system clock||CVE-2016-3831||High||Yes|
|Elevation of privilege vulnerability in framework APIs||CVE-2016-3832||Moderate||Yes|
|Elevation of privilege vulnerability in S hell||CVE-2016-3833||Moderate||Yes|
|Information disclosure vulnerability in OpenSSL||CVE-2016-2842||Moderate||Yes|
|Information disclosure vulnerability in camera APIs||CVE-2016-3834||Moderate||Yes|
|Information disclosure vulnerability in Mediaserver||CVE-2016-3835||Moderate||Yes|
|Information disclosure vulnerability in SurfaceFlinger||CVE-2016-3836||Moderate||Yes|
|Information disclosure vulnerability in Wi-Fi||CVE-2016-3837||Moderate||Yes|
|Denial of service vulnerability in system UI||CVE-2016-3838||Moderate||Yes|
|Denial of service vulnerability in Bluetooth||CVE-2016-3839||Moderate||Yes|
And here’s a full list of the ones fixed in the patch labeled 2016-08-05.
|Remote code execution vulnerability in Qualcomm Qualcomm Wi-Fi driver||CVE-2014-9902||Critical||Yes|
|Remote code execution vulnerability in Conscrypt||CVE-2016-3840||Critical||Yes|
|Elevation of privilege vulnerability in Qualcomm components||CVE-2014-9863, CVE-2014-9864, CVE-2014-9865, CVE-2014-9866, CVE-2014-9867, CVE-2014-9868, CVE-2014-9869, CVE-2014-9870, CVE-2014-9871, CVE-2014-9872, CVE-2014-9873, CVE-2014-9874, CVE-2014-9875, CVE-2014-9876, CVE-2014-9877, CVE-2014-9878, CVE-2014-9879, CVE-2014-9880, CVE-2014-9881, CVE-2014-9882, CVE-2014-9883, CVE-2014-9884, CVE-2014-9885, CVE-2014-9886, CVE-2014-9887, CVE-2014-9888, CVE-2014-9889, CVE-2014-9890, CVE-2014-9891, CVE-2015-8937, CVE-2015-8938, CVE-2015-8939, CVE-2015-8940, CVE-2015-8941, CVE-2015-8942, CVE-2015-8943||Critical||Yes|
|Elevation of privilege vulnerability in kernel networking component||CVE-2015-2686, CVE-2016-3841||Critical||Yes|
|Elevation of privilege vulnerability in Qualcomm GPU driver||CVE-2016-2504, CVE-2016-3842||Critical||Yes|
|Elevation of privilege vulnerability in Qualcomm performance component||CVE-2016-3843||Critical||Yes|
|Elevation of privilege vulnerability in kernel||CVE-2016-3857||Critical||Yes|
|Elevation of privilege vulnerability in kernel memory system||CVE-2015-1593, CVE-2016-3672||High||Yes|
|Elevation of privilege vulnerability in kernel sound component||CVE-2016-2544, CVE-2016-2546, CVE-2014-9904||High||Yes|
|Elevation of privilege vulnerability in kernel file system||CVE-2012-6701||High||Yes|
|Elevation of privilege vulnerability in Mediaserver||CVE-2016-3844||High||Yes|
|Elevation of privilege vulnerability in kernel video driver||CVE-2016-3845||High||Yes|
|Elevation of privilege vulnerability in Serial Peripheral Interface driver||CVE-2016-3846||High||Yes|
|Elevation of privilege vulnerability in NVIDIA media driver||CVE-2016-3847, CVE-2016-3848||High||Yes|
|Elevation of privilege vulnerability in ION driver||CVE-2016-3849||High||Yes|
|Elevation of privilege vulnerability in Qualcomm bootloader||CVE-2016-3850||High||Yes|
|Elevation of privilege vulnerability in kernel performance subsystem||CVE-2016-3843||High||Yes|
|Elevation of privilege vulnerability in LG Electronics bootloader||CVE-2016-3851||High||Yes|
|Information disclosure vulnerability in Qualcomm components||CVE-2014-9892, CVE-2014-9893 CVE-2014-9894, CVE-2014-9895 CVE-2014-9896, CVE-2014-9897 CVE-2014-9898, CVE-2014-9899 CVE-2014-9900, CVE-2015-8944||High||Yes|
|Information disclosure vulnerability in kernel scheduler||CVE-2014-9903||High||Yes|
|Information disclosure vulnerability in MediaTek Wi-Fi driver||CVE-2016-3852||High||Yes|
|Information disclosure vulnerability in USB driver||CVE-2016-4482||High||Yes|
|Denial of service vulnerability in Qualcomm components||CVE-2014-9901||High||Yes|
|Elevation of privilege vulnerability in Google Play services||CVE-2016-3853||Moderate||Yes|
|Elevation of privilege vulnerability in Framework APIs||CVE-2016-2497||Moderate||Yes|
|Information disclosure vulnerability in kernel networking component||CVE-2016-4578||Moderate||Yes|
|Information disclosure vulnerability in kernel sound component||CVE-2016-4569, CVE-2016-4578||Moderate||Yes|
|Vulnerabilities in Qualcomm components||CVE-2016-3854, CVE-2016-3855, CVE-2016-3856||High||No|
We’ve got a full list of all the factory images and OTA images you can manually load onto your device below (thanks to 9to5Google). Feel free to download the image appropriate for your Nexus below. Keep in mind that flashing one of the images below will totally erase any data you currently have on your phone or tablet.
- Pixel C Factory Image | Pixel C OTA
- Nexus 6P Factory Image | Nexus 6P OTA
- Nexus 5X Factory Image | Nexus 5X OTA
- Nexus 6 Factory Image (2) | Nexus 6 OTA (2)
- Nexus Player Factory Image | Nexus Player OTA
- Nexus 9 (LTE) Factory Image | Nexus 9 (LTE) OTA
- Nexus 9 (Wi-Fi) Factory Image | Nexus 9 OTA
- Nexus 5 Factory Image | Nexus 5 OTA
- Nexus 7 2013 (Wi-Fi) Factory Image | Nexus 7 2013 OTA
- Nexus 7 2013 (Mobile) Factory Image (2) | Nexus 7 2013 (Mobile) OTA (2)
In about a week, this update should begin rolling out to Android devices everywhere. If you don’t wanna wait, download one of the factory images linked above and follow Google’s official guide on how to flash these images to your devices (seen below).
To flash a device using one of the system images below (or one of your own), you need the latest fastboot tool. You can get it from one of the sources below.
- From a compiled version of the Android Open Source Project.
- From the platform-tools/ directory in the Android SDK. Be sure that you have the latest version of the Android SDK Platform-tools from the SDK Manager.
Once you have the fastboot tool, add it to your PATH environment variable (the flash-all script below must be able to find it). Also be certain that you’ve set up USB access for your device, as described in the Using Hardware Devicesguide.
Caution: Flashing a new system image deletes all user data. Be certain to first backup any personal data such as photos.
To flash a system image:
- Download the appropriate system image for your device below, then unzip it to a safe directory.
- Connect your device to your computer over USB.
- Start the device in fastboot mode with one of the following methods:
- Using the adb tool: With the device powered on, execute: adb reboot bootloader
- Using a key combo: Turn the device off, then turn it on and immediately hold down the relevant key combination for your device. For example, to put a Nexus 5 (“hammerhead”) into fastboot mode, press and hold Volume Up + Volume Down + Power as the device begins booting up.
- If necessary, unlock the device’s bootloader by running: fastboot flashing unlock
or, for older devices, running:
fastboot oem unlock
The target device will show you a confirmation screen. (This erases all data on the target device.)
- Open a terminal and navigate to the unzipped system image directory.
- Execute the flash-all script. This script installs the necessary bootloader, baseband firmware(s), and operating system.
Once the script finishes, your device reboots. You should now lock the bootloader for security:
- Start the device in fastboot mode again, as described above.
- Execute: fastboot flashing lock
or, for older devices, running:
fastboot oem lock
Locking bootloader will wipe the data on some devices. After locking the bootloader, if you want to flash the device again, you must run fastboot oem unlock again, which will wipe the data.
You must log in to post a comment.