Google Releases June Android Security Update for Nexus Devices

HIGHLIGHTS

• Google has fixed 4 critical vulnerabilities related to Qualcomm drivers.
• The latest security update is now available for Nexus devices.
• Samsung has also released the June Android security update.

Google, keeping its promise of monthly security updates, this week released its Android security update for the month of June. The security updates to Nexus devices are now available via an over-the-air (OTA) update. Google notes that the latest Nexus firmware images have also been released to the Google Developer site. Additionally, Samsung has also released its June security update for “major flagship models” as part of monthly security maintenance release (SMR) process.

Google says that the source code patches for the new issues will be released to the Android Open Source Project (AOSP) repository over the next 48 hours. Google notes that partner OEMs were notified about the issues described in the June bulletin on May 2.

According to Google, the latest build MTC19V is available for the Nexus 6P and Nexus 5X; the MOB30M build is available for the Nexus 6, Nexus Player, Nexus 9, Nexus 9 LTE; Nexus 5; Nexus 7 (2013) and Nexus 7 3G, and MXC89H for the Pixel C. Users can manually download and flash the zip update file for the Nexus devices from Google’s Nexus Factory Images page.

The latest June update patches six vulnerabilities that have been flagged as “critical” by Google, and 11 vulnerabilities that fall on the spectrum of “high” severity. The company has also listed four “moderate” security glitches that have also been resolved.

Notably, four out of six critical vulnerabilities listed by Google in the June security bulletin are related to Qualcomm drivers. The critical security vulnerabilities fixed in the update by Google include remote code execution vulnerability in mediaserver, remote code execution vulnerabilities in libwebm, elevation of privilege vulnerability in Qualcomm video driver, elevation of privilege vulnerability in Qualcomm sound driver, elevation of privilege vulnerability in Qualcomm GPU driver, and elevation of privilege vulnerability in Qualcomm Wi-Fi driver. In addition to June security update, Android Policepoints out Google has also released code changes for N Developer Preview 3.

Samsung’s security maintenance release includes patches from Google and Samsung. Apart from Google patches, Samsung provides 9 vulnerabilities and exposures patches for FRP unlock by connecting external storage via OTG, disable AT command via USB with secured lock screen, SIM lock bypass issue, and application signature check bypass.