Google has now delivered on its promise to issue monthly security updates for its Android operating system, and more specifically for its homemade Nexus devices.
After the Stagefright bug was revealed to the world earlier this year with semi-cataclysmic consequences to the Android ecosystem, Google was the first to take the problem seriously and vowed to issue monthly over-the-air (OTA) security updates.
The company was soon followed by Samsung, which promised to do the same thing, be it with the help of mobile carriers.
34 days after Google's initial announcement, the company's developers put the finishing touches on the first security update, which is centered around fixing the dreaded Stagefright exploit.
"The updates for Nexus devices and source code patches for these issues have also been released to the Android Open Source Project (AOSP) source repository," says the Google team. "We encourage all customers to accept these updates to their devices."
T-Mobile was the first to start issuing the patches to its users.
According to the official security bulletin, this is what the first over-the-air Google monthly update contains:
Title | CVE | Severity | Active Exploitation |
---|---|---|---|
Remote Code Execution Vulnerability in Mediaserver | CVE-2015-3864 | Critical | No |
Elevation of Privilege Vulnerability in Kernel | CVE-2015-3836 | Critical | Yes |
Elevation of Privilege Vulnerability in Binder | CVE-2015-3845 CVE-2015-1528 | High | No |
Elevation of Privilege Vulnerability in Keystore | CVE-2015-3863 | High | No |
Elevation of Privilege Vulnerability in Region | CVE-2015-3849 | High | No |
Elevation of Privilege vulnerability in SMS enables notification bypass | CVE-2015-3858 | High | No |
Elevation of Privilege Vulnerability in Lockscreen | CVE-2015-3860 | Moderate | No |
Denial of Service Vulnerability in Mediaserver | CVE-2015-3861 | Low | No |