Google’s September security patch has begun rolling out to Nexus devices all over the world via OTA and factory images. This update marks the first official security patch Android Nougat will receive via one of these methods since the built-in patch within the OS is for August.
A total of three different security levels for the September patch are present, with each marked ‘2016-09-01’, ‘2016-09-05’, and ‘2016-09-06’. A total of 19 bug fixes can be found in the first patch, while the second and third include 45 and 47, respectively. Obviously, the September 6 patch is much more secure, however with multiple security levels, manufactures should be able to choose at least one to load onto their devices.
Here’s a rundown of all the bugs fixed in the 2016-09-01 patch.
| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Remote code execution vulnerability in LibUtils | CVE-2016-3861 | Critical | Yes |
| Remote code execution vulnerability in Mediaserver | CVE-2016-3862 | Critical | Yes |
| Remote code execution vulnerability in MediaMuxer | CVE-2016-3863 | High | Yes |
| Elevation of privilege vulnerability in Mediaserver | CVE-2016-3870, CVE-2016-3871, CVE-2016-3872 | High | Yes |
| Elevation of privilege vulnerability in device boot | CVE-2016-3875 | High | No* |
| Elevation of privilege vulnerability in Settings | CVE-2016-3876 | High | Yes |
| Denial of service vulnerability in Mediaserver | CVE-2016-3899, CVE-2016-3878, CVE-2016-3879, CVE-2016-3880, CVE-2016-3881 | High | Yes |
| Elevation of privilege vulnerability in Telephony | CVE-2016-3883 | Moderate | Yes |
| Elevation of privilege vulnerability in Notification Manager Service | CVE-2016-3884 | Moderate | Yes |
| Elevation of privilege vulnerability in Debuggerd | CVE-2016-3885 | Moderate | Yes |
| Elevation of privilege vulnerability in System UI Tuner | CVE-2016-3886 | Moderate | Yes |
| Elevation of privilege vulnerability in Settings | CVE-2016-3887 | Moderate | Yes |
| Elevation of privilege vulnerability in SMS | CVE-2016-3888 | Moderate | Yes |
| Elevation of privilege vulnerability in Settings | CVE-2016-3889 | Moderate | Yes |
| Elevation of privilege vulnerability in Java Debug Wire Protocol | CVE-2016-3890 | Moderate | No* |
| Information disclosure vulnerability in Mediaserver | CVE-2016-3895 | Moderate | Yes |
| Information disclosure vulnerability in AOSP Mail | CVE-2016-3896 | Moderate | No* |
| Information disclosure vulnerability in Wi-Fi | CVE-2016-3897 | Moderate | No* |
| Denial of service vulnerability in Telephony | CVE-2016-3898 | Moderate | Yes |
Here’s the 2016-09-05 fix list (which includes every fix found in the 2016-09-01 patch).
| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Elevation of privilege vulnerability in kernel security subsystem | CVE-2014-9529, CVE-2016-4470 | Critical | Yes |
| Elevation of privilege vulnerability in kernel networking subsystem | CVE-2013-7446 | Critical | Yes |
| Elevation of privilege vulnerability in kernel netfilter subsystem | CVE-2016-3134 | Critical | Yes |
| Elevation of privilege vulnerability in kernel USB driver | CVE-2016-3951 | Critical | Yes |
| Elevation of privilege vulnerability in kernel sound subsystem | CVE-2014-4655 | High | Yes |
| Elevation of privilege vulnerability in kernel ASN.1 decoder | CVE-2016-2053 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm radio interface layer | CVE-2016-3864 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm subsystem driver | CVE-2016-3858 | High | Yes |
| Elevation of privilege vulnerability in kernel networking driver | CVE-2016-4805 | High | Yes |
| Elevation of privilege vulnerability in Synaptics touchscreen driver | CVE-2016-3865 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm camera driver | CVE-2016-3859 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm sound driver | CVE-2016-3866 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm IPA driver | CVE-2016-3867 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm power driver | CVE-2016-3868 | High | Yes |
| Elevation of privilege vulnerability in Broadcom Wi-Fi driver | CVE-2016-3869 | High | Yes |
| Elevation of privilege vulnerability in kernel eCryptfs filesystem | CVE-2016-1583 | High | Yes |
| Elevation of privilege vulnerability in NVIDIA kernel | CVE-2016-3873 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | CVE-2016-3874 | High | Yes |
| Denial of service vulnerability in kernel networking subsystem | CVE-2015-1465, CVE-2015-5364 | High | Yes |
| Denial of service vulnerability in kernel ext4 file system | CVE-2015-8839 | High | Yes |
| Information disclosure vulnerability in Qualcomm SPMI driver | CVE-2016-3892 | Moderate | Yes |
| Information disclosure vulnerability in Qualcomm sound codec | CVE-2016-3893 | Moderate | Yes |
| Information disclosure vulnerability in Qualcomm DMA component | CVE-2016-3894 | Moderate | Yes |
| Information disclosure vulnerability in kernel networking subsystem | CVE-2016-4998 | Moderate | Yes |
| Denial of service vulnerability in kernel networking subsystem | CVE-2015-2922 | Moderate | Yes |
| Vulnerabilities in Qualcomm components | CVE-2016-2469 | High | No |
And finally, here’s the fix list for the patch labeled 2016-09-06 (which includes every fix found in the 2016-09-01 and 2016-09-05 patch).
| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Elevation of privilege vulnerability in kernel shared memory subsystem | CVE-2016-5340 | Critical | Yes |
| Elevation of privilege vulnerability in Qualcomm networking component | CVE-2016-2059 | High | Yes |
If you’d like to download the factory or OTA image of the September security patch for your device, head over to this webpage or this webpage, respectively. For some reason, the Nexus 6P, Nexus 6, and Nexus 9 LTE Nougat images aren’t currently available. It’s likely that Google’s just falling behind on these files, so they should be up by the end of the day.
Update (09-09-16): After a few days of waiting, Google has finally published the Nexus 6P Nougat image to the factory and OTA images pages. However at this time, the Nexus 6 and Nexus 9 LTE Nougat images appear to still be absent.
In about a week, this update should begin hitting plenty of Android devices. If you don’t wanna wait, download the factory or OTA image appropriate for the type of device you have and follow Google’s official guide on how to flash one of the images (seen below).
Flashing Instructions
To flash a device using one of the system images below (or one of your own), you need the latest fastboot tool. You can get it from one of the sources below.
- From a compiled version of the Android Open Source Project.
- From the platform-tools/ directory in the Android SDK. Be sure that you have the latest version of the Android SDK Platform-tools from the SDK Manager.
Once you have the fastboot tool, add it to your PATH environment variable (the flash-all script below must be able to find it). Also be certain that you’ve set up USB access for your device, as described in the Using Hardware Devicesguide.
Caution: Flashing a new system image deletes all user data. Be certain to first backup any personal data such as photos.
To flash a system image:
- Download the appropriate system image for your device below, then unzip it to a safe directory.
- Connect your device to your computer over USB.
- Start the device in fastboot mode with one of the following methods:
- Using the adb tool: With the device powered on, execute: adb reboot bootloader
- Using a key combo: Turn the device off, then turn it on and immediately hold down the relevant key combination for your device. For example, to put a Nexus 5 (“hammerhead”) into fastboot mode, press and hold Volume Up + Volume Down + Power as the device begins booting up.
- If necessary, unlock the device’s bootloader by running: fastboot flashing unlock
or, for older devices, running:
fastboot oem unlock
The target device will show you a confirmation screen. (This erases all data on the target device.)- Open a terminal and navigate to the unzipped system image directory.
- Execute the flash-all script. This script installs the necessary bootloader, baseband firmware(s), and operating system.
Once the script finishes, your device reboots. You should now lock the bootloader for security:
- Start the device in fastboot mode again, as described above.
- Execute: fastboot flashing lock
or, for older devices, running:
fastboot oem lockLocking bootloader will wipe the data on some devices. After locking the bootloader, if you want to flash the device again, you must run fastboot oem unlock again, which will wipe the data.
Source: Android Security Bulletin, Google Developers (1), (2) via Android Police
2 Comments
You must log in to post a comment.