Earlier today BlackBerry rolled out an update for the BlackBerry Priv which contained Google’s April 2016 Security updates.
Google have now released factory images with the same April security patch for Nexus devices.
You can now download the latest factory image from Google and flash it yourself.
The update is still Android 6.0.1, but carries a different version number depending which phone or tablet you are using.
The update is available for:
- Nexus 5
- Nexus 5X
- Nexus 6P
- Nexus 6
- Nexus Player
- Nexus 7
- Nexus 9
The table below contains a list of security vulnerabilities, the Common Vulnerability and Exposures ID (CVE), and their assessed severity. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are disabled for development purposes or if successfully bypassed.
[table style=”table-striped”]
| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerability in DHCPCD | CVE-2016-1503 CVE-2014-6060 |
Critical |
| Remote Code Execution Vulnerability in Media Codec | CVE-2016-0834 | Critical |
| Remote Code Execution Vulnerability in Mediaserver | CVE-2016-0835 CVE-2016-0836 CVE-2016-0837 CVE-2016-0838 CVE-2016-0839 CVE-2016-0840 CVE-2016-0841 |
Critical |
| Remote Code Execution Vulnerability in libstagefright | CVE-2016-0842 | Critical |
| Elevation of Privilege Vulnerability in Kernel | CVE-2015-1805 | Critical |
| Elevation of Privilege Vulnerability in Qualcomm Performance Module |
CVE-2016-0843 | Critical |
| Elevation of Privilege Vulnerability in Qualcomm RF Component | CVE-2016-0844 | Critical |
| Elevation of Privilege Vulnerability in Kernel | CVE-2014-9322 | Critical |
| Elevation of Privilege Vulnerability in IMemory Native Interface | CVE-2016-0846 | High |
| Elevation of Privilege Vulnerability in Telecom Component | CVE-2016-0847 | High |
| Elevation of Privilege Vulnerability in Download Manager | CVE-2016-0848 | High |
| Elevation of Privilege Vulnerability in Recovery Procedure | CVE-2016-0849 | High |
| Elevation of Privilege Vulnerability in Bluetooth | CVE-2016-0850 | High |
| Elevation of Privilege Vulnerability in Texas Instruments Haptic Driver | CVE-2016-2409 | High |
| Elevation of Privilege Vulnerability in a Video Kernel Driver | CVE-2016-2410 | High |
| Elevation of Privilege Vulnerability in Qualcomm Power Management Component |
CVE-2016-2411 | High |
| Elevation of Privilege Vulnerability in System_server | CVE-2016-2412 | High |
| Elevation of Privilege Vulnerability in Mediaserver | CVE-2016-2413 | High |
| Denial of Service Vulnerability in Minikin | CVE-2016-2414 | High |
| Information Disclosure Vulnerability in Exchange ActiveSync | CVE-2016-2415 | High |
| Information Disclosure Vulnerability in Mediaserver | CVE-2016-2416 CVE-2016-2417 CVE-2016-2418 CVE-2016-2419 |
High |
| Elevation of Privilege Vulnerability in Debuggerd Component | CVE-2016-2420 | Moderate |
| Elevation of Privilege Vulnerability in Setup Wizard | CVE-2016-2421 | Moderate |
| Elevation of Privilege Vulnerability in Wi-Fi | CVE-2016-2422 | Moderate |
| Elevation of Privilege Vulnerability in Telephony | CVE-2016-2423 | Moderate |
| Denial of Service Vulnerability in SyncStorageEngine | CVE-2016-2424 | Moderate |
| Information Disclosure Vulnerability in AOSP Mail | CVE-2016-2425 | Moderate |
| Information Disclosure Vulnerability in Framework | CVE-2016-2426 | Moderate |
| Information Disclosure Vulnerability in BouncyCastle | CVE-2016-2427 | Moderate |
[/table]
The most severe issue addressed is a vulnerability that could allow remote code execution when processing media files. These files can be sent to your phone by any means  email, web browsing MMS or instant messaging. Other critical issues patched are specific to the DHCP client, Qualcomm’s Performance Module and RF driver. These exploits could allow code to run that permanently compromises the device firmware, forcing the end user to need to re-flash the full operating system  if “platform and service mitigations are disabled for development proposes.”
Other vulnerabilities patched also include methods to bypass Factory Reset Protection, issues that could be exploited to allow denial of service attacks, and issues that allow code execution on devices with root. IT professionals will be happy to also see mail and ActiveSync issues that could allow access to “sensitive” information patched in this update.
Full details of the April 2016 Security Bulletin is available here.
