Android Security Bulletin—June 2016

[Petrovic]

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Nexus firmware images have also been released to the Google Developer site. Security Patch Levels of June 01, 2016 or later address these issues. Refer to the Nexus documentation to learn how to check the security patch level.

 

Partners were notified about the issues described in the bulletin on May 02, 2016 or earlier. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.

 

The most severe issue is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

 

We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Service Mitigations section for details on the Android security platform protections and service protections such as SafetyNet, which improve the security of the Android platform.

 

We encourage all customers to accept these updates to their devices.

 

Full Article