Google has released new factory images for their current range of Nexus devices on their developers site. As promised last week by Hiroshi Lockheimer, the current head of Chrome, Android and Chromecast at Google, the update includes the new emoji we’ve been waiting for, as well as the latest updates to address Common Vulnerability and Exposures (CVEs).
The current range of Nexus devices includes the Nexus 5, Nexus 6, Nexus 7 (2013), Nexus 9, Nexus Player – as well as the newest Nexus phones, the Nexus 5X and Nexus 6P, all of which have a new factory image waiting to be downloaded and flashed. And yes, before you ask, even the LTE versions of the Nexus 7 (2013) and Nexus 9 have new images available. Most devices are getting build MMB29K but if you check the Nexus Player and Nexus 6P, they get a MMB29M build.
The update also includes the latest round of security patches for December. On their Google Group, Google points users to the Security Bulletin update page, which has a complete listing of all 16 CVEs that are addressed and advises that they will begin rolling out over-the-air (OTA) updates with the patches starting today. If that’s too long – as above you can get the new system image. CVEs addressed include:
| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2015-6616 | Critical |
| Remote Code Execution Vulnerability in Skia | CVE-2015-6617 | Critical |
| Elevation of Privilege in Kernel | CVE-2015-6619 | Critical |
| Remote Code Execution Vulnerabilities in Display Driver | CVE-2015-6633 CVE-2015-6634 |
Critical |
| Remote Code Execution Vulnerability in Bluetooth | CVE-2015-6618 | High |
| Elevation of Privilege Vulnerabilities in libstagefright | CVE-2015-6620 | High |
| Elevation of Privilege Vulnerability in SystemUI | CVE-2015-6621 | High |
| Elevation of Privilege Vulnerability in Native Frameworks Library | CVE-2015-6622 | High |
| Elevation of Privilege Vulnerability in Wi-Fi | CVE-2015-6623 | High |
| Elevation of Privilege Vulnerability in System Server | CVE-2015-6624 | High |
| Information Disclosure Vulnerabilities in libstagefright | CVE-2015-6626 CVE-2015-6631 CVE-2015-6632 |
High |
| Information Disclosure Vulnerability in Audio | CVE-2015-6627 | High |
| Information Disclosure Vulnerability in Media Framework | CVE-2015-6628 | High |
| Information Disclosure Vulnerability in Wi-Fi | CVE-2015-6629 | High |
| Elevation of Privilege Vulnerability in System Server | CVE-2015-6625 | Moderate |
| Information Disclosure Vulnerability in SystemUI | CVE-2015-6630 | Moderate |
The updated factory images are now live on the Google Developers page for those that want to dirty flash the update and check out those new emoji.
