- Jun 24, 2016
- 636
Android Security Bulletin—August 2016:
Published August 01, 2016
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Nexus firmware images have also been released to the Google Developer site. Security Patch Levels of August 05, 2016 or later address these issues. Refer to the documentation to learn how to check the security patch level.
Partners were notified about the issues described in the bulletin on July 06, 2016 or earlier. Where applicable, source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.
The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google service mitigations section for details on the Android security platform protections and service protections such as SafetyNet, which improve the security of the Android platform.
We encourage all customers to accept these updates to their devices.
Announcements
Published August 01, 2016
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Nexus firmware images have also been released to the Google Developer site. Security Patch Levels of August 05, 2016 or later address these issues. Refer to the documentation to learn how to check the security patch level.
Partners were notified about the issues described in the bulletin on July 06, 2016 or earlier. Where applicable, source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.
The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google service mitigations section for details on the Android security platform protections and service protections such as SafetyNet, which improve the security of the Android platform.
We encourage all customers to accept these updates to their devices.
Announcements
- This bulletin has two security patch level strings to provide Android partners with the flexibility to move more quickly to fix a subset of vulnerabilities that are similar across all Android devices. See Common questions and answers for additional information:
- 2016-08-01: Partial security patch level string. This security patch level string indicates that all issues associated with 2016-08-01 (and all previous security patch level strings) are addressed.
- 2016-08-05: Complete security patch level string. This security patch level string indicates that all issues associated with 2016-08-01 and 2016-08-05 (and all previous security patch level strings) are addressed.
- Supported Nexus devices will receive a single OTA update with the August 05, 2016 security patch level
