Emergency security update coming to Nexus devices due to discovered exploit
The promise of monthly security updates is refreshing, but not even keeping devices that protected is enough sometimes. Google has just announced they are releasing a mid-month security patch due to the discovery of an exploit that could bring harm to some devices; namely, the Nexus 5 and Nexus 6.
The issue arose after Google found out about a rooting application using an “unpatched local elevation of privilege vulnerability in the kernel”. What this means is that a malicious application would have the power to affect the code within the software. The only way to fix the handset then would be to re-flash the whole operating system.
See also: GranitePhone interview details the only way to make Android more secure
It’s still a bit hard to be affected, though. Google does protect you from such apps in the Google Play Store, and even uses Verify Apps to keep external threats away. The only way to have been affected is if you were convinced to manually install the rooting app.
This advisory applies to all unpatched Android devices on kernel versions 3.4, 3.10 and 3.14, including all Nexus devices. Android devices using Linux kernel version 3.18 or higher are not vulnerable.
There’s multiple layers of security, but if you are living on the wilder side you can rest assured the update is coming within a few days. Android partners have also been informed of the issue and the AOSP repository has been updated with the new information. So if you see a random update coming to your phone soon, it’s just Google watching over us.