Earlier today BlackBerry rolled out an update for the BlackBerry Priv which contained Google’s February 2016 Security updates.
Google have now released factory images with the same February security patch for Nexus devices.
You can now download the latest factory image from Google and flash it yourself.
The update is still Android 6.0.1, but carries a different version number depending which phone or tablet you are using.
The update is available for:
- Nexus 5
- Nexus 5X
- Nexus 6P
- Nexus 6
- Nexus Player
- Nexus 7
- Nexus 9
The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
The Remote Code Execution Vulnerability in Broadcom’s Wi-Fi driver is also Critical severity as it could allow remote code execution on an affected device while connected to the same network as the attacker.
Security Vulnerability Summary
[table style=”table-striped”]
| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver | CVE-2016-0801 CVE-2016-0802 |
Critical |
| Remote Code Execution Vulnerability in Mediaserver | CVE-2016-0803 CVE-2016-0804 |
Critical |
| Elevation of Privilege Vulnerability in Qualcomm Performance Module | CVE-2016-0805 | Critical |
| Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver | CVE-2016-0806 | Critical |
| Elevation of Privilege Vulnerability in the Debugger Daemon | CVE-2016-0807 | Critical |
| Denial of Service Vulnerability in Minikin | CVE-2016-0808 | High |
| Elevation of Privilege Vulnerability in Wi-Fi | CVE-2016-0809 | High |
| Elevation of Privilege Vulnerability in Mediaserver | CVE-2016-0810 | High |
| Information Disclosure Vulnerability in libmediaplayerservice | CVE-2016-0811 | High |
| Elevation of Privilege Vulnerability in Setup Wizard | CVE-2016-0812 CVE-2016-0813 |
Moderate |
[/table]
You can check out full details of the Security Bulletin February 2016 here.
