Android January Security Patch Fixes 95 Vulnerabilities – Direct Download Links

Author Photo
Jan 3, 2017
9Shares
Share Tweet Submit

Delayed due to yesterday’s holiday, Google has now released Android 7.1.1 Nougat with January security patch. Today’s update is fixing 95 security vulnerabilities.

Google’s Pixel and Pixel XL are currently facing a number of issues, including battery problems and audio distortion. In the absence of a changelog, it isn’t clear if the company is sending a fix to any of these problems. The update rolling out through Verizon only notes “Security updates,” making it unlikely to offer any bug fixes. Ahead of Google, LG had posted a changelog for the January security patch (attached at the end of this post), which also doesn’t hint at any major bug fixes.

We will share with our readers once Google publishes the security bulletin for the Android January security release. Today’s release fixes at least 7 critical vulnerabilities, making it an important update. You will soon receive OTA notifications to install the latest update. For a manual update process, following are the factory images and OTA links to download Android 7.1.1 Nougat January security release.

Download Android January patch – factory Images & OTA links

  • Nexus 6: Android 7.0.0 – nothing, yet
  • Nexus Player: NMF26R Android 7.1.1 | Factory Image – OTA
  • Nexus 9 (LTE): Android 7.1.1 | nothing, yet
  • Nexus 9 (Wi-Fi): N4F26M Android 7.1.1 | Factory Image – OTA
Android February Security Patch Rolling Out to Pixel, Nexus (6P Included) - Direct Download Links

For more details, visit Google’s developers’ page. [Update] For security bulletin, check this link.

Changelog, as previously released by LG

CVE Items from Google patch (Android Bulletin January 2016)

  • critical:
    CVE-2017-0381, CVE-2016-5180, CVE-2016-8411, CVE-2016-4794, CVE-2016-5195, CVE-2015-8966, CVE-2016-9120
  • high:
    CVE-2017-0382, CVE-2017-0383, CVE-2017-0384, CVE-2017-0385, CVE-2017-0386, CVE-2017-0387, CVE-2017-0388, CVE-2016-3911, CVE-2016-6710, CVE-2017-0389, CVE-2017-0390, CVE-2017-0391, CVE-2017-0392, CVE-2017-0393, CVE-2017-0394, CVE-2014-4014, CVE-2015-8967, CVE-2016-6778, CVE-2016-6779, CVE-2016-6780, CVE-2016-6492, CVE-2016-6781, CVE-2016-6782, CVE-2016-6783, CVE-2016-6784, CVE-2016-6785, CVE-2016-6758, CVE-2016-6759, CVE-2016-6760, CVE-2016-6761, CVE-2016-6755, CVE-2016-6786, CVE-2016-6787, CVE-2016-6788, CVE-2016-6791, CVE-2016-8391, CVE-2016-8392, CVE-2015-7872, CVE-2016-8393, CVE-2016-8394, CVE-2014-9909, CVE-2014-9910, CVE-2016-1583, CVE-2016-8396, CVE-2016-5341
  • moderate:
    CVE-2017-0395, CVE-2017-0396, CVE-2017-0397, CVE-2017-0398, CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402, CVE-2016-6720, CVE-2016-8399, CVE-2016-6756, CVE-2016-6757, CVE-2016-8401, CVE-2016-8402, CVE-2016-8403, CVE-2016-8404, CVE-2016-8405, CVE-2016-8406, CVE-2016-8407, CVE-2016-8410
  • low:
    CVE-2016-6690

LG Vulnerabilities and Exposures(LVE) Items from LG

  • critical:
    LVE-SMP-160019
  • high:
    LVE-SMP-160013, LVE-SMP-160014
  • moderate:
    LVE-SMP-160011, LVE-SMP-160015, LVE-SMP-160017, LVE-SMP-160018
  • low:
    LVE-SMP-160012

Security issues Details

You can see the detail information on Google patches from Android Security Bulletin site.There is a description of the security issue, a severity, affected devices information and date reported.

LVE-SMP-160019

  • Severity : Critical
  • Date reported : Nov 17, 2016
  • Affected device Informaion : L(5.0/5.1), M(6.0/6.0.1), N(7.0) devices with MTK chipset
  • Description :
    MTKLogger application that logs personal information to storage without user consent can be started by third-party application without user consent.

LVE-SMP-160013

  • Severity : High
  • Date reported : Nov 15, 2016
  • Affected device Informaion : Devices with LG Touchscreen driver
  • Description :
    An elevation of privilege vulnerability in write_file/write_log of LG touch driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

LVE-SMP-160014

  • Severity : High
  • Date reported : Nov 15, 2016
  • Affected device Informaion : L(5.0.2), M(6.0) device using LG felica driver
  • Description :
    An elevation of privilege vulnerability in the LG felica drivers can be exploited to gain read/write access to kernel memory.

LVE-SMP-160017

  • Severity : Moderate
  • Date reported : Nov 15, 2016
  • Affected device Informaion : Devices with LG Touchscreen driver
  • Description :
    An elevation of privilege vulnerability in touch_synaptics/reg_ctrl of LG touch driver could enable a local malicious application to execute arbitrary code within the context of the kernel.

LVE-SMP-160018

  • Severity : Moderate
  • Date reported : Nov 15, 2016
  • Affected device Informaion : L(5.0/5.1), M(6.0/6.0.1), N(7.0) devices with LG fc8080 tdmb driver
  • Description :
    Elevation of privilege vulnerability in LG fc8080 tdmb driver could enable usermode supplies a kernel address as the ioctl argument, this will result in kernel memory corruption and can likely be exploited to achieve privilege elevation.

LVE-SMP-160012

  • Severity : Moderate
  • Date reported : Nov 15, 2016
  • Affected device Informaion : L(5.0/5.1), M(6.0/6.0.1), N(7.0) devices using snapdragon 801, 808, 820
  • Description :
    Directory traversal vulnerability in lghashstorageserver binder service could enable an app to read and write 0x20 bytes from any files in the context of the lghashstorageserver. It will result in system file compromised and can be likely to be exploited to achieve privilege elevation.
Share Tweet Submit