Vulnerability patches are being rolled out to AOSP, and OTA updates are on the way shortly.
The August Security Update has been released, complete with a detailed post from Google detailing all of the issues that have been discovered and fixed. This update marks the first whole year of Google's promise to release monthly security-related updates to Android, and it's important to take a look at how few manufacturers have followed the Nexus line into releasing monthly updates to keep your phone secure.
While security may not be the most important smartphone feature for many users, it's usually pretty high on the list when something goes wrong — which is why these updates started in the first place! Here's a look at what you can expect from the August patch.
Google is continuing the split patch format for August, which means there are two patch dates that could arrive on your phone this month. The August 1, 2016 patch contains major fixes for the Android OS that can be applied to every Android phone, and is the minimum security patch in order to be considered "current" with your security level. The August 5, 2016 patch contains everything from the minimum patch as well as an extensive list of driver, component, and kernel-related patches aimed mainly at Nexus hardware. Google's distinction between August 1 and August 5 allows manufacturers to more quickly release patches for OS-specific software concerns, which leads to more overall devices being secure.
The bulk of the August 1 patch focuses on vulnerabilities in Mediaserver, which includes remote code execution, elevation of privilege, information disclosure, and denial of service vulnerabilities. Information disclosure vulnerabilities were also resolved in OpenSSL, camera APIs, SurfaceFlinger, and Wifi.
If you have the August 5 patch, a significant portion of the update is aimed at fixing vulnerabilities in Qualcomm components. This includes a massive list of privilege elevation vulnerabilities, information disclosure vulnerabilities, and denial of service vulnerabilities. Most of these vulnerabilities have been found on older Nexus hardware, specifically the Nexus 5 and second generation Nexus 7.
For a complete list of the fixes released in this update, check out the Android Security Bulletin page. Google claims there have been no reports of active exploits using the vulnerabilities that have been fixed in this month's update, and as always Google's partners have had access to these updates since early last month. There is no word on when to expect the patch for any other Android-powered device, but current Nexus devices, Android One phones and the Pixel C will be receiving an OTA update within the next week. If you're the impatient type, you can flash the factory images posted at Google's Developer site.