September security update brings patches for 7 critical issues
Android 7.0 Nougat factory images now available for Nexus range
Nexus 6P and Nexus 6 yet to receive factory images from Google
Google last month started rolling out the final build of Android 7.0 Nougat for compatible Nexus devices. The Android 7.0 Nougat update was rolled out to the Nexus 5X, Nexus 6P, Nexus 9, Nexus Player, Pixel C tablet, and Android One General Mobile 4G devices gradually. Now, the company has started rolling out the monthly Android security update for September. The company has also released factory images and OTA binaries for Nexus devices.
The September security bulletin is now available to Nexus through an over-the-air (OTA) update. Google has also released the new Nexus firmware images to the Google Developer site. Google says that it notified the partners about the issues described in the bulletin on August 05, 2016 or earlier. The source code patches for the reported issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours.
The update patches seven vulnerabilities that have been flagged as “critical” by Google, and 23 vulnerabilities that fall on the spectrum of “high” severity. In addition, 17 “moderate” security glitches have also been resolved.
Some of the critical security vulnerabilities that have been fixed include remote code execution vulnerability in LibUtils, which if left untreated will enable an attacker using a specially crafted file to execute arbitrary code in the context of a privileged process; remote code execution vulnerability in Mediaserver, which if not resolved could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing; elevation of privilege vulnerability in kernel security subsystem; elevation of privilege vulnerability in kernel networking subsystem, elevation of privilege vulnerability in kernel netfilter subsystem, and elevation of privilege vulnerability in kernel USB driver, and elevation of privilege vulnerability in kernel shared memory subsystem, which if left untreated could enable a local malicious application to execute arbitrary code within the context of the kernel. These issues are rated as “Critical” due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device.
Apart from September Android security patch, Google is also rolling out Android 7.0 Nougat factory images for Nexus range. New Android 7.0 build for Pixel C is NRD90R; Nexus 5X is NRD90S; Nexus Player is NRD90R; Nexus 9 Wi-Fi is NRD90R, and Nexus 5 is MOB31E. Unfortunately, Google is yet to rollout Android 7.0 factory images for the Nexus 6P, Nexus 6, and Nexus 9 LTE devices.