Google has today released their November security update for Android, the monthly update to address reported issues and vulnerabilities.
There’s seven updates addressed in the November update, two are listed as Critical, four as high and a single moderate severity update. Google says that the severity rating is ‘based on the effect that exploiting the vulnerability would have on an affected device, assuming the platform and service mitigations are disabled for development purposes or if successfully bypassed’. The updates are:
| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerabilities in Mediaserver | CVE-2015-6608 | Critical |
| Remote Code Execution Vulnerability in libutils | CVE-2015-6609 | Critical |
| Information Disclosure Vulnerabilities in Mediaserver | CVE-2015-6611 | High |
| Elevation of Privilege Vulnerability in libstagefright | CVE-2015-6610 | High |
| Elevation of Privilege Vulnerability in libmedia | CVE-2015-6612 | High |
| Elevation of Privilege Vulnerability in Bluetooth | CVE-2015-6613 | High |
| Elevation of Privilege Vulnerability in Telephony | CVE-2015-6614 | Moderate |
The updates have been patched and as per Google’s plan, they have updated the available factory images for selected Nexus devices. The Nexus Factory Images page has been updated for the Nexus 5X, 6P, 9, Player and the Nexus 7 (2013) Wifi, but there hasn’t actually been a new factory image issued for the Nexus 6 or the LTE version of the Nexus 7 (2013).
OTA updates for the November security updates should begin rolling out shortly, if you can’t wait then you can download the appropriate factory image for your device and flash it.
