Nexus, Priv, A9, and hopefully many more users will soon (if not already) see a rollout of Security Patch Level January 1, 2016. As you're no doubt aware, this is a continued monthly effort from Google to address any and all software-related security bugs that are found within Android from experts all around the tech world. Each month we get a bulletin from Google listing the security concerns being addressed in the update, as well as who discovered the update and where they are currently employed.
Here's what has been fixed for January:
A big focus for this month has been escalation of privilege vulnerabilities. This refers to any point in the code where something can ask for access to greater privileges than they are supposed to be granted by the operating system. Frequently, escalation-of-privilege vulnerabilities can lead to the ability to execute code that would otherwise not be allowed. In the January patch, Google is addressing escalation vulnerabilities in Bluetooth, Kernel, Setup Wizard, Wifi, Trustzone, Imagination Technologies Driver, and misc-sd driver. A remote code execution vulnerability in the Mediaserver was also addressed in this patch, as well as a denial of service vulnerability in Bouncy Castle. Finally, there was an attack surface reduction for Nexus kernels.
As is almost always the case, Google claims there have been no reports of active customer exploitation of these issues. This has a lot to do with the security features Google has in place to stop apps from entering or remaining active on the Play Store that could exploit these vulnerabilities in the first place. Google's efforts in verifying apps both in the Play Store and on your phone play a significant part in day to day security, but addressing vulnerabilities within Android itself is still incredibly important. After all, not everyone only uses apps from the Play Store.
Like previous monthly patches, Nexus phones and tablets will start rolling the update out immediately, but images also will be available on Google Developers site — builds marked LMY49F or later will have the most recent patch. HTC's 15 business day promise with the A9 means users will see the update within the next two or three weeks, and BlackBerry Priv owners should start seeing the update today. All of Google's partners were provided with this patch on Dec. 7, and the appropriate AOSP repos will be updated within over the next 48 hours. Stay safe!
We may earn a commission for purchases using our links. Learn more.
A few good Kindle books can help you get through these tough times
One of my favorite pastimes in good times or bad is to curl up on the sofa with a good book, preferably on my Amazon Kindle. Here are some of the stories that have been distracting me over the past few weeks of lockdown and social isolation.
Top 6 things Google needs to add to Chrome OS to compete with Windows
Chrome OS has gotten pretty good in recent years — especially for tablets and touchscreens — but there’s always room to improve. Here’s my wishlist for my favorite lightweight laptop ecosystem.
Amazon Echo Frames review: Alexa comes for your eyes and ears
When I reviewed the Amazon Echo Buds in late 2019, I commented that they were a solid first attempt to help get Alexa out of the house and make her more useful on the go. The Echo Frames, which were announced at the same time as the Echo Buds, are the latest of Alexa's steps into the wider world. I'll tell you what I thought of them after my first few days with them.
These are the best smart locks that you can use with Alexa
Looking to make your home smarter? Check out these smart locks!