Home
Mobiles
Mobiles News
Google's April Android Security Update Fixes 8 Critical Vulnerabilities

Google's April Android Security Update Fixes 8 Critical Vulnerabilities

By Ketan Pratap | Updated: 5 April 2016 12:29 IST

Google on Monday started rolling out the April monthly Android security update for its Nexus range of devices. The company says that the security update is now available for Nexus devices through an over-the-air (OTA) update.

The latest Nexus firmware images have also been released to the Google Developer site for download as well as changelogs have been published on the Android Open Source Project (AOSP) for its partners and other manufacturers. Google says that the source code patches for these issues will be released to the Android Open Source Project (AOSP) repository over the next 48 hours. While other manufacturers prepare to release their device-specific updates, BlackBerry has already released the April security update for its Priv Android smartphone.

The latest April update patches eight vulnerabilities that have been flagged as "critical" by Google, and 13 vulnerabilities that fall on the spectrum of "high" severity. The company has also listed eight "moderate" security glitches that have also been resolved.

In its Nexus Security Bulletin for April, Google said the Android security update has fixed one of the most severe Stagefright security vulnerabilities that could enable remote code execution on an affected device through multiple methods (such as email, Web browsing, and MMS) when processing media files. The Bulletin notes that partner OEMs were notified about the issues described in the April security update on March 16, 2016 or earlier.

The critical security vulnerabilities fixed in the update by Google include remote code execution vulnerability in DHCPCD, which if left untreated can enable attacker to cause memory corruption. Other vulnerabilities such as remote code execution vulnerability in media codec, remote code execution vulnerability in mediaserver, and remote code execution vulnerability in libstagefright can allow an attacker to cause memory corruption and remote code execution as the mediaserver process during media file and data processing of a specially crafted file.

Some of the other critical vulnerabilities listed include elevation of privilege vulnerability in kernel, elevation of privilege vulnerability in Qualcomm Performance Module, elevation of Privilege Vulnerability in Qualcomm RF Component, and elevation of Privilege Vulnerability in Kernel.

Notably, the majority of vulnerabilities fixed in the April Android security update were reported to Google late last year or early this year.

Much like the February and March security updates, the April Android security update is purely focused on security fixes and does not upgrade the Android version.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Android 6.0 Marshmallow, Android, Android Security Update, Google, Google Nexus, Nexus

Ketan Pratap

Email Ketan

Ketan Pratap is the editor at Gadgets 360 - with over 12 years of experience covering the technology domain. With a breadth and depth of knowledge in the field, he's done extensive work across news, features, reviews, and opinion pieces. But what's truly inspiring about Ketan is how he spends his free time. He's often found gazing at snow-capped mountains from over 20,000 feet while sitting on the hood of his car, taking in the breathtaking beauty of nature. His passion for the great ...More