September Security Patches for Nexus Devices Running Nougat & Marshmallow Now Available [Update: Nexus 6P Nougat Image Now Available]

android-n-header

Google’s September security patch has begun rolling out to Nexus devices all over the world via OTA and factory images. This update marks the first official security patch Android Nougat will receive via one of these methods since the built-in patch within the OS is for August.

A total of three different security levels for the September patch are present, with each marked ‘2016-09-01’, ‘2016-09-05’, and ‘2016-09-06’. A total of 19 bug fixes can be found in the first patch, while the second and third include 45 and 47, respectively. Obviously, the September 6 patch is much more secure, however with multiple security levels, manufactures should be able to choose at least one to load onto their devices.

Here’s a rundown of all the bugs fixed in the 2016-09-01 patch.

Issue CVE Severity Affects Nexus?
Remote code execution vulnerability in LibUtils CVE-2016-3861 Critical Yes
Remote code execution vulnerability in Mediaserver CVE-2016-3862 Critical Yes
Remote code execution vulnerability in MediaMuxer CVE-2016-3863 High Yes
Elevation of privilege vulnerability in Mediaserver CVE-2016-3870, CVE-2016-3871, CVE-2016-3872 High Yes
Elevation of privilege vulnerability in device boot CVE-2016-3875 High No*
Elevation of privilege vulnerability in Settings CVE-2016-3876 High Yes
Denial of service vulnerability in Mediaserver CVE-2016-3899, CVE-2016-3878, CVE-2016-3879, CVE-2016-3880, CVE-2016-3881 High Yes
Elevation of privilege vulnerability in Telephony CVE-2016-3883 Moderate Yes
Elevation of privilege vulnerability in Notification Manager Service CVE-2016-3884 Moderate Yes
Elevation of privilege vulnerability in Debuggerd CVE-2016-3885 Moderate Yes
Elevation of privilege vulnerability in System UI Tuner CVE-2016-3886 Moderate Yes
Elevation of privilege vulnerability in Settings CVE-2016-3887 Moderate Yes
Elevation of privilege vulnerability in SMS CVE-2016-3888 Moderate Yes
Elevation of privilege vulnerability in Settings CVE-2016-3889 Moderate Yes
Elevation of privilege vulnerability in Java Debug Wire Protocol CVE-2016-3890 Moderate No*
Information disclosure vulnerability in Mediaserver CVE-2016-3895 Moderate Yes
Information disclosure vulnerability in AOSP Mail CVE-2016-3896 Moderate No*
Information disclosure vulnerability in Wi-Fi CVE-2016-3897 Moderate No*
Denial of service vulnerability in Telephony CVE-2016-3898 Moderate Yes

Here’s the 2016-09-05 fix list (which includes every fix found in the 2016-09-01 patch).

Issue CVE Severity Affects Nexus?
Elevation of privilege vulnerability in kernel security subsystem CVE-2014-9529, CVE-2016-4470 Critical Yes
Elevation of privilege vulnerability in kernel networking subsystem CVE-2013-7446 Critical Yes
Elevation of privilege vulnerability in kernel netfilter subsystem CVE-2016-3134 Critical Yes
Elevation of privilege vulnerability in kernel USB driver CVE-2016-3951 Critical Yes
Elevation of privilege vulnerability in kernel sound subsystem CVE-2014-4655 High Yes
Elevation of privilege vulnerability in kernel ASN.1 decoder CVE-2016-2053 High Yes
Elevation of privilege vulnerability in Qualcomm radio interface layer CVE-2016-3864 High Yes
Elevation of privilege vulnerability in Qualcomm subsystem driver CVE-2016-3858 High Yes
Elevation of privilege vulnerability in kernel networking driver CVE-2016-4805 High Yes
Elevation of privilege vulnerability in Synaptics touchscreen driver CVE-2016-3865 High Yes
Elevation of privilege vulnerability in Qualcomm camera driver CVE-2016-3859 High Yes
Elevation of privilege vulnerability in Qualcomm sound driver CVE-2016-3866 High Yes
Elevation of privilege vulnerability in Qualcomm IPA driver CVE-2016-3867 High Yes
Elevation of privilege vulnerability in Qualcomm power driver CVE-2016-3868 High Yes
Elevation of privilege vulnerability in Broadcom Wi-Fi driver CVE-2016-3869 High Yes
Elevation of privilege vulnerability in kernel eCryptfs filesystem CVE-2016-1583 High Yes
Elevation of privilege vulnerability in NVIDIA kernel CVE-2016-3873 High Yes
Elevation of privilege vulnerability in Qualcomm Wi-Fi driver CVE-2016-3874 High Yes
Denial of service vulnerability in kernel networking subsystem CVE-2015-1465, CVE-2015-5364 High Yes
Denial of service vulnerability in kernel ext4 file system CVE-2015-8839 High Yes
Information disclosure vulnerability in Qualcomm SPMI driver CVE-2016-3892 Moderate Yes
Information disclosure vulnerability in Qualcomm sound codec CVE-2016-3893 Moderate Yes
Information disclosure vulnerability in Qualcomm DMA component CVE-2016-3894 Moderate Yes
Information disclosure vulnerability in kernel networking subsystem CVE-2016-4998 Moderate Yes
Denial of service vulnerability in kernel networking subsystem CVE-2015-2922 Moderate Yes
Vulnerabilities in Qualcomm components CVE-2016-2469 High No

And finally, here’s the fix list for the patch labeled 2016-09-06 (which includes every fix found in the 2016-09-01 and 2016-09-05 patch).

Issue CVE Severity Affects Nexus?
Elevation of privilege vulnerability in kernel shared memory subsystem CVE-2016-5340 Critical Yes
Elevation of privilege vulnerability in Qualcomm networking component CVE-2016-2059 High Yes

If you’d like to download the factory or OTA image of the September security patch for your device, head over to this webpage or this webpage, respectively. For some reason, the Nexus 6P, Nexus 6, and Nexus 9 LTE Nougat images aren’t currently available. It’s likely that Google’s just falling behind on these files, so they should be up by the end of the day.

Update (09-09-16): After a few days of waiting, Google has finally published the Nexus 6P Nougat image to the factory and OTA images pages. However at this time, the Nexus 6 and Nexus 9 LTE Nougat images appear to still be absent.

In about a week, this update should begin hitting plenty of Android devices. If you don’t wanna wait, download the factory or OTA image appropriate for the type of device you have and follow Google’s official guide on how to flash one of the images (seen below).

Flashing Instructions

To flash a device using one of the system images below (or one of your own), you need the latest fastboot tool. You can get it from one of the sources below.

Once you have the fastboot tool, add it to your PATH environment variable (the flash-all script below must be able to find it). Also be certain that you’ve set up USB access for your device, as described in the Using Hardware Devicesguide.

Caution: Flashing a new system image deletes all user data. Be certain to first backup any personal data such as photos.

To flash a system image:

  1. Download the appropriate system image for your device below, then unzip it to a safe directory.
  2. Connect your device to your computer over USB.
  3. Start the device in fastboot mode with one of the following methods:
    • Using the adb tool: With the device powered on, execute: adb reboot bootloader
    • Using a key combo: Turn the device off, then turn it on and immediately hold down the relevant key combination for your device. For example, to put a Nexus 5 (“hammerhead”) into fastboot mode, press and hold Volume Up + Volume Down + Power as the device begins booting up.
  4. If necessary, unlock the device’s bootloader by running: fastboot flashing unlock
    or, for older devices, running:
    fastboot oem unlock
    The target device will show you a confirmation screen. (This erases all data on the target device.)
  5. Open a terminal and navigate to the unzipped system image directory.
  6. Execute the flash-all script. This script installs the necessary bootloader, baseband firmware(s), and operating system.

Once the script finishes, your device reboots. You should now lock the bootloader for security:

  1. Start the device in fastboot mode again, as described above.
  2. Execute: fastboot flashing lock
    or, for older devices, running:
    fastboot oem lock

Locking bootloader will wipe the data on some devices. After locking the bootloader, if you want to flash the device again, you must run fastboot oem unlock again, which will wipe the data.


Source: Android Security Bulletin, Google Developers (1), (2) via Android Police

 




There are 2 comments

Add yours

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: