Google on Monday has released Security Patch Level of March 01, 2016 for Nexus devices. The monthly Android security update squashes more than a dozen vulnerabilities on Android including Keyring, aLinux security hole, which according to reports, affected 66 percent of all Android devices. Google said the source code patches for these issues, meant for OEMs and other makers of custom operating systems, will be released to the Android Open Source Project (AOSP) repository over the next 48 hours.
The Mountain View-based company on Monday made available the monthly Android security update for a range of Nexus smartphones and tablets. The update patches six vulnerabilities that have been flagged as “critical” by Google, and eight vulnerabilities that fall on the spectrum of “high” severity. In addition, two “moderate” security glitches have also been resolved.
Some of the critical security vulnerabilities that have been fixed include holes in Mediaserver and libvpx. If left untreated, these vulnerabilities could be exploited by an attacker to perform remote execution of arbitrary code. Vulnerabilities that elevated privilege in Conscrypt and QualcommPerformance Component have been fixed, too.
One of the major highlights of the security patch is that it fixes the Keyring vulnerability that was found to affect a large number of Linux (including Android) devices. The vulnerability, which was found in January, was estimated to be affecting more than 66 percent of all Android devices. Though, Google had later assured users that the estimated figures were completely blown up out of proportion. Regardless, as promised, it has patched the vulnerability.
“An elevation of privilege vulnerability in the Kernel Keyring Component could enable a local malicious application to execute arbitrary code within the kernel,” the company noted in a blog post. “This issue is rated as a Critical severity due to the possibility of a local permanent device compromise and the device could potentially only be repaired by re-flashing the operating system. However, in Android versions 5.0 and above, SELinux rules prevents third-party applications from reaching the affected code.”
Google has issued fixes for a range of operating system versions, including for KitKat in many cases.KitKat continues to be the most widely used version of Android operating system. The Android maker has published the updated factory images on the developer portal. You can alternatively check your phone for over-the-air update.
If you don’t own a Nexus-branded smartphone or tablet, you will have to wait a little longer for your smartphone’s OEM to work on these updates and appropriately make it available for its smartphone and tablet lineups.