Google just released an over-the-air update for its Android Nexus devices. The update patches four major holes, along with a whole lot of other vulnerabilities.
The update is specifically for Nexus devices, though, as usual, Google gave its hardware and software partners more than a month's lead time to patch up their products before the company released the update and the release notes outlining the latest known vulnerabilities for Android.
The update includes 16 fixes: four labeled "critical," 10 "high" and two "moderate." The flaws Google fixed with the patch include Stagefright vulnerabilities and vulnerabilities with Android's media server.
"The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files," says Google. "We have had no reports of active customer exploitation of these newly reported issues."
The critical vulnerabilities were found in Android's display driver, Skia graphics library media server and the mobile operating system's kernel. The kernel, the operating system's core, has a vulnerability that could be leveraged to increase the privilege level or third-party software, while the three other critical flaws may be exploited to remotely execute code.
The latest security fixes where disclosed and released as part of Google's monthly Nexus Security Bulletins. It's an effort to combat some of the iOS-selling issues, namely security vulnerabilities that just might be overblown from time to time.
Google has always focused on security for Android and Google Play, the company said in August when it introduced the Nexus Security Bulletin program.
"Android was built from day one with security in mind," Google said in a blog post, adding, "Security continues to be a top priority and monthly device updates are yet another tool to make and keep Android users safe."
Along with app sandboxing and its verification software, Google is even offering bounties to people who alert it to previously unknown flaws in Android.
"We believe the combination of these approaches has led to there being fewer than 0.15 percent of devices with any kind of potentially harmful app installed, as long as apps were installed from Google Play," Google said.
