In keeping with their promise to make Android more secure on a monthly basis, Google's December 2015 Security Bulletin has been posted, detailing the next update and what was addressed this time around.
According to Google, partners were notified and provided updates for the December list on November 2nd. AOSP will be updated with patches over the next 48 hours, and firmware images for this update are available now on the Google Developers site. This update is marked December 1, 2015 on phones that mark security updates in settings, for example the BlackBerry Priv which has already received this update.
16 CVEs — that's Common Vulnerability and Exposures ID for those who don't speak security codenames — are addressed in this update, and according to Google there are no active reports of any active exploits through these vulnerabilities. These vulnerabilities were discovered by 11 different individuals, four of which are part of Google's Chrome Security Team or Project Zero. Details for these vulnerabilities can be found in the security bulletin, but largely the issues addressed mediaserver vulnerabilities, file manipulation leading to remote code execution, and the privilege elevation in libstagefright that caused so much concern recently.
Google's continued push for monthly updates isn't surprising given how new this program is, and seeing BlackBerry push ahead with updates before Google is impressive, but the biggest win for this initiative so far has been Samsung' recent decision to include the security patch level on non-Marshmallow phones, signifying the company is interested in cooperating and keeping users safe. See you next month for more!