Update (11/7): Google has now posted November security patch factory images and OTA files for the Pixel 2 XL.
All of the relevant links can be found below. Just be sure you’re downloading the correct files—there are separate builds for unlocked and Verizon models.
- Google Pixel 2 XL – OPD1.170816.025 EMR (factory image, OTA)
Unlike the Pixel 2, the Pixel 2 XL’s November update does not feature a patch for the KRACK exploit. As noted in the Security Bulletin, only patch levels of November 6 or later have a fix for the KRACK exploit. These new files are on the November 5 patch level.
It’s also worth pointing out that both Pixel 2 XL files (unlocked and Verizon) carry the name EMR, which could stand for early maintenance release. It’s possible Google could have pushed these builds out now, only to update the images and OTAs with the November 6 patch level in a few days. We’ll keep you updated as we learn more about these files.
Original post (11/6): Google has released factory images and OTA files for the November Android security patches for currently supported Pixel and Nexus devices. New Android 8.0 Oreo images have arrived for the Google Pixel 2, Google Pixel and Pixel XL, Pixel C, Nexus 6P, Nexus 5X and Nexus Player. For some reason, Google has yet to release the November security patch for the Pixel 2 XL.
Below are the download links for the new November 2017 files:
- Google Pixel 2 – OPD1.170816.018 (factory image, OTA)
- Google Pixel – OPR1.170623.032 (factory image, OTA)
- Google Pixel XL – OPR3.170623.013 (factory image, OTA)
- Google Pixel C – OPR1.170623.032 (factory image, OTA)
- Nexus 6P – OPR5.170623.011 (factory image, OTA)
- Nexus 5X – OPR6.170623.023 (factory image, OTA)
- Nexus Player – OPR2.170623.027 (factory image, OTA)
Google has also released a new Android security bulletin, detailing all the vulnerabilities that have been patched with this November update. This month, the issue with the most critical security vulnerability that has been fixed was found in the Media framework. It could have enabled a remote attacker to launch code with a specially crafted file. However, none of the issues that have been fixed in this update has been reported to be actively used in the wild.
This software patch doesn’t only bring security improvements. Google has added a new section to the security bulletin called Functional Updates. Google notes:
These updates are included to address functionality issues not related to the security of Pixel devices. The table includes associated references; the affected category, such as Bluetooth or mobile data; and a summary of the issue.
Need some help with installing a factory image or OTA on your Android device? We have a guide for that. If you don’t need to have the latest patch right away, you can also wait for the OTA to roll out to your device, which should happen in the next couple of days.