Google has released yet another security patch for Android devices, with this one being specific for the month of April. It includes a number of bug and security fixes ranging from moderate to high in severity while also being more speedy and efficient than last month’s patch. A full list of the bugs and security flaws fixed can be found below. It can also be found on Google’s Nexus Security Bulletin.
Remote Code Execution Vulnerability in DHCPCD
Remote Code Execution Vulnerability in Media Codec
Remote Code Execution Vulnerability in Mediaserver
Elevation of Privilege Vulnerability in Debuggerd Component
Elevation of Privilege Vulnerability in Setup Wizard
Elevation of Privilege Vulnerability in Wi-Fi
Elevation of Privilege Vulnerability in Telephony
Denial of Service Vulnerability in SyncStorageEngine
Information Disclosure Vulnerability in AOSP Mail
Information Disclosure Vulnerability in Framework
Information Disclosure Vulnerability in BouncyCastle
As you can see, many of the fixes are either marked critical or high in severity, meaning users were pretty vulnerable to hacks and crashes during last month until now. Of course users who own say a Samsung Galaxy device or HTC phone won’t see the patch arrive to their device until the appropriate companies get the update approved by carriers and begin pushing it out later this month, however let’s just hope they don’t take very long to roll out the upgrade since these devices running March’s security patch are so high at risk.
It’s unclear at this point just how much speedier this update can make your device, as last month users were reporting that by installing the March security patch on their Nexus 5X, they made their devices faster. This was very welcome as the 5X isn’t really known for being speedy.
If you own a Nexus device, however, expect the security patch to hit your device very soon. But if you’re like me and are impatient, you can download the factory image for your device from the links below:
From the platform-tools/ directory in the Android SDK. Be sure that you have the latest version of the Android SDK Platform-tools from the SDK Manager.
Once you have the fastboot tool, add it to your PATH environment variable (the flash-all script below must be able to find it). Also be certain that you’ve set up USB access for your device, as described in the Using Hardware Devicesguide.
Caution: Flashing a new system image deletes all user data. Be certain to first backup any personal data such as photos.
To flash a system image:
Download the appropriate system image for your device below, then unzip it to a safe directory.
Connect your device to your computer over USB.
Start the device in fastboot mode with one of the following methods:
Using the adb tool: With the device powered on, execute:
adb reboot bootloader
Using a key combo: Turn the device off, then turn it on and immediately hold down the relevant key combination for your device. For example, to put a Nexus 5 (“hammerhead”) into fastboot mode, press and hold Volume Up + Volume Down + Power as the device begins booting up.
If necessary, unlock the device’s bootloader by running:
fastboot flashing unlock
or, for older devices, running:
fastboot oem unlock
The target device will show you a confirmation screen. (This erases all data on the target device.)
Open a terminal and navigate to the unzipped system image directory.
Execute the flash-all script. This script installs the necessary bootloader, baseband firmware(s), and operating system.
Once the script finishes, your device reboots. You should now lock the bootloader for security:
Start the device in fastboot mode again, as described above.
fastboot flashing lock
or, for older devices, running:
fastboot oem lock
Locking bootloader will wipe the data on some devices. After locking the bootloader, if you want to flash the device again, you must run fastboot oem unlock again, which will wipe the data.
Have you received April’s security patch yet on your Nexus device? Let us know in the comments!