Google’s December 2016 Security Patch is Now Rolling Out to Pixel and Nexus Devices

img_20161205_173359444_burst000_cover_top

Today’s release of Android 7.1.1 Nougat brings with it the December security patch. For the last month of 2016, the company is releasing two patches, with one labeled 2016-12-01 and the other being 2016-12-05. These patches include various fixes between the two for a variety of issues and holes, with the most serious being a remote code execution vulnerability within CURL/LIBCURL and an “elevation of privilege” vulnerability in Android’s kernel memory subsystem. You can view full lists of all the bugs squashed within each patch below.

2016-12-01

Issue CVE Severity Affects Google devices?
Remote code execution vulnerability in CURL/LIBCURL CVE-2016-5419, CVE-2016-5420, CVE-2016-5421 High Yes
Elevation of privilege vulnerability in libziparchive CVE-2016-6762 High Yes
Denial of service vulnerability in Telephony CVE-2016-6763 High Yes
Denial of service vulnerability in Mediaserver CVE-2016-6766, CVE-2016-6765, CVE-2016-6764, CVE-2016-6767 High Yes
Remote Code Execution vulnerability in Framesequence library CVE-2016-6768 High Yes
Elevation of privilege vulnerability in Smart Lock CVE-2016-6769 Moderate No*
Elevation of privilege vulnerability in Framework APIs CVE-2016-6770 Moderate Yes
Elevation of privilege vulnerability in Telephony CVE-2016-6771 Moderate Yes
Elevation of privilege vulnerability in Wi-Fi CVE-2016-6772 Moderate Yes
Information disclosure vulnerability in Mediaserver CVE-2016-6773 Moderate Yes
Information disclosure vulnerability in Package Manager CVE-2016-6774 Moderate Yes

2016-12-05 (includes all fixes found in 2016-12-01 alongside the following)

Issue CVE Severity Affects Google devices?
Elevation of privilege vulnerability in kernel memory subsystem CVE-2016-4794, CVE-2016-5195 Critical Yes
Elevation of privilege vulnerability in NVIDIA GPU driver CVE-2016-6775, CVE-2016-6776, CVE-2016-6777 Critical Yes
Elevation of privilege vulnerability in kernel CVE-2015-8966 Critical No*
Elevation of privilege vulnerability in NVIDIA video driver CVE-2016-6915, CVE-2016-6916, CVE-2016-6917 Critical Yes
Elevation of privilege vulnerability in kernel ION driver CVE-2016-9120 Critical Yes
Vulnerabilities in Qualcomm components CVE-2016-8411 Critical Yes
Elevation of privilege vulnerability in kernel file system CVE-2014-4014 High Yes
Elevation of privilege vulnerability in kernel CVE-2015-8967 High Yes
Elevation of privilege vulnerability in HTC sound codec driver CVE-2016-6778, CVE-2016-6779, CVE-2016-6780 High Yes
Elevation of privilege vulnerability in MediaTek driver CVE-2016-6492, CVE-2016-6781, CVE-2016-6782, CVE-2016-6783, CVE-2016-6784, CVE-2016-6785 High No*
Elevation of privilege vulnerability in Qualcomm media codecs CVE-2016-6761, CVE-2016-6760, CVE-2016-6759, CVE-2016-6758 High Yes
Elevation of privilege vulnerability in Qualcomm camera driver CVE-2016-6755 High Yes
Elevation of privilege vulnerability in kernel performance subsystem CVE-2016-6786, CVE-2016-6787 High Yes
Elevation of privilege vulnerability in MediaTek I2C driver CVE-2016-6788 High No*
Elevation of privilege vulnerability in NVIDIA libomx library CVE-2016-6789, CVE-2016-6790 High Yes
Elevation of privilege vulnerability in Qualcomm sound driver CVE-2016-6791, CVE-2016-8391, CVE-2016-8392 High Yes
Elevation of privilege vulnerability in kernel security subsystem CVE-2015-7872 High Yes
Elevation of privilege vulnerability in Synaptics touchscreen driver CVE-2016-8393, CVE-2016-8394 High Yes
Elevation of privilege vulnerability in Broadcom Wi-Fi driver CVE-2014-9909, CVE-2014-9910 High No*
Information disclosure vulnerability in MediaTek video driver CVE-2016-8396 High No*
Information disclosure vulnerability in NVIDIA video driver CVE-2016-8397 High Yes
Denial of service vulnerability in GPS CVE-2016-5341 High Yes
Denial of service vulnerability in NVIDIA camera driver CVE-2016-8395 High Yes
Elevation of privilege vulnerability in kernel networking subsystem CVE-2016-8399 Moderate Yes
Information disclosure vulnerability in Qualcomm components CVE-2016-6756, CVE-2016-6757 Moderate Yes
Information disclosure vulnerability in NVIDIA librm library CVE-2016-8400 Moderate Yes
Information disclosure vulnerability in kernel components CVE-2016-8401, CVE-2016-8402, CVE-2016-8403, CVE-2016-8404, CVE-2016-8405, CVE-2016-8406, CVE-2016-8407 Moderate Yes
Information disclosure vulnerability in NVIDIA video driver CVE-2016-8408, CVE-2016-8409 Moderate Yes
Information disclosure vulnerability in Qualcomm sound driver CVE-2016-8410 Moderate Yes

If you’re looking for factory and OTA updates, you can find them on this page as they’re in the form of Android 7.1.1 Nougat. This means that you’ll have to update to the latest version of Android in order to get the security patch. However, this isn’t a bad thing as you’ll be up-to-date in a variety of ways, specifically system-wide security.





There is 1 comment

Add yours

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: