If you own a Nexus or Pixel device you now have the January 5 security patch waiting for you. The security update provides fixes for 50 bugs including 10 marked as critical (with only six of those affecting Google devices), the worst of which involves a Mediaserver remote code execution vulnerability through multiple methods including email, web browsing and MMS. Google points out there have been no reports of active exploits based on the patched vulnerabilities.
Nexus and Pixel owners can follow the download and OTA links below or just check your system settings for the update if you don’t already see the notification in your status bar. Note that there are two different build numbers listed, depending on whether or you not your device received a separate patch recently. The same security patch will eventually be rolled out by OEMs with brand-specific patches added.
- Pixel XL (Android 7.1.1) Factory image: NMF26U, NMF26V; OTA: NMF26U, NMF26V
- Pixel (Android 7.1.1) Factory image: NMF26U, NMF26V; OTA: NMF26U, NMF26V
- Pixel C (Android 7.1.1) Factory image: N4F26I; OTA: N4F26I
- Nexus 6P (Android 7.1.1) Factory image: N4F26I, N4F26J; OTA: N4F26I, N4F26J
- Nexus 5X (Android 7.1.1) Factory image: N4F26I; OTA: N4F26I
- Nexus Player (Android 7.1.1) Factory image: NMF26R; OTA: NMF26R
- Nexus 9 (Wi-Fi) (Android 7.1.1) Factory image: N4F26M; OTA: N4F26M
There are two security patch levels included in this month’s Android security bulletin, one dated January 1 and the other January 5. Supported Google devices will only get the January 5 patch, while OEMs will be able to address the “partial security patch level string” first if they so choose. If you want to see more details on the vulnerabilities addressed in the partial and full strings hit the January security bulletin page via the source link below.
Have you got the January patch yet? What do you think about the partial security string option for OEMs?