Google Releases April Android Security Update, Fixes 8 Critical Flaws

Attention owners of Android smartphones, you’ll definitely need your device updated. Google has started rolling out the April security update for its Nexus range of devices running on Android. April’s update is a bigger one than usual and includes fixes to eight critical security vulnerabilities. In addition to fixes for other, less severe, bugs. Till now this update fixes a total of 39 security related flaws.

The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files,” Google said in its April Nexus Security Bulletin.

The firmware update is now available to download for Nexus devices over-the-air (OTA) and should go live on other Android smartphones and tablets very soon.

Released to the Google Developer site at first, and there, you’ll find the changelogs pusblished on the Android Open Source Project (AOSP) for its OEMs and other manufacturers. The latest firmware images for BlackBerry Priv Android phone has already been made available and other manufacturers prepare to release their specific updates.

The Android security update has fixed one of the most severe Stagefright security vulnerabilities that could enable remote code execution on an affected device via multiple ways (like email, Web browser and MMS) when processing media files. Notes that partner OEMs were informed about this issues in April security update on March 16, 2016.

The main security vulnerability fixed in this upadte by Google include remote code execution in DHCPCD, which if left untreated can enable attacker to cause memory corruption. Some found in media codec, remote code execution in mediaserver, and in libstagefright can also allow intruders to cause the corruption during the media file and data processing of a specifically crafted file.

Other vunerabilities listed also include elevation of privilage flaws in kernel, in Qualcomm Performance Module, in Qualcomm RF Componenbt, and of course in Kernel. This April Android security update is purely focused on security fixes and does not upgrade the Android version.

We expect a lot of you will get an update alerting you about the patch soon, so be sure to apply it. April Android Security Update now rolls out!

(Source: Google)