Google Patches Several Critical Flaws in the June Update, Including Vulnerabilities in Qualcomm and Mediaserver

Rafia Shaikh
Posted Jun 7, 2016
22Shares
Share Tweet Submit

Google has started rolling out June updates for its Nexus and other Android devices, fixing dozens of critical and high-severity flaws.

Android June security update patches several critical flaws

Google is rolling out Android June security updates to its Nexus devices, bringing fixes for a number of vulnerabilities rated critical. The latest June security patches are now available for Google’s Nexus devices, but it will take a good few weeks until other Android devices start receiving these critical security updates. But, if you own a Nexus device, there is no reason to despair. Both the factory images and the OTA update files of the June security updates are now live.

  • Nexus 6P – MTC19V (guide for flashing and rooting)
  • Nexus 5X – MTC19V (links to install and root)
  • Nexus 6 – MOB30M
  • Nexus 5 – MOB30M
  • Nexus 9 LTE – MOB30M
  • Nexus 9 Wi-Fi – MOB30M
  • Nexus 7 2013 Wi-Fi – MOB30M
  • Nexus 7 2013 3G – MOB30M
  • Nexus Player – MOB30M
  • Pixel C – MXC89H

The Android June security update contains fixes for at least six bugs that have been rated critical, and about a dozen of high-severity, including four that are specific to the Qualcomm driver privilege escalation issues. Google has also fixed a critical bug in Android’s Mediaserver component, “A remote code-execution vulnerability in Mediaserver could enable an attacker using a specially-crafted file to cause memory corruption during media file and data processing,” Google noted in the security bulletin. This particular bug affects all versions of Android, from 4.4.4 KitKat to the latest Android 6.0.1 Marshmallow.

Google has confirmed that there are no reports “of active customer exploitation or abuse of these newly reported issues.” If you want your devices to be secure, you should download the Android Security Patch Level of June 01, 2016 as soon as your phone maker makes them available to you. Google notified its Android partners about the issues in this month’s bulletin on May 2, but we all know updates for non-Nexus devices won’t be made available until after a few weeks.

While there are reports of Google trying to pressure its OEM partners to send monthly security updates, we are yet to see its Android partners stepping up their game. Google is reportedly considering to release a list that would rank phone makers and carriers according to their promptness with delivering security updates in a name-and-shame scheme.

Over Half of Android Devices Still Vulnerable to Ghost Push Trojan Due to Delayed Updates

For more details about the flaws patched in the Android June security update, please visit this security bulletin.

Share Tweet Submit