Google Posts Android Marshmallow February Security Update

As expect and right on time, Google has posted the February security update for Android Marshmallow today.  The update takes the 6.0.1 build to version MMB29Q and it is now available for flashing on the Factory Images page of the developer site.

There are a lot of security fixes in this update, the biggest of which is a fix for remote code execution which was discovered in January.

The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files. The Remote Code Execution Vulnerability in Broadcom’s Wi-Fi driver is also Critical severity as it could allow remote code execution on an affected device while connected to the same network as the attacker.

Google points out in the security bulletin that they are not aware of any customers being impacted by this issue but is encouraging users to update as soon as the build is available to them.

 

In total there were six critical issues fixed in the release along with five high priority issues that were addressed.  The six critical issues addressed

Android Marshmallow Icon Screen
Android Marshmallow

include:

emote Code Execution Vulnerability in Broadcom Wi-Fi Driver CVE-2016-0801
CVE-2016-0802
Critical
Remote Code Execution Vulnerability in Mediaserver CVE-2016-0803
CVE-2016-0804
Critical
Elevation of Privilege Vulnerability in Qualcomm Performance Module CVE-2016-0805 Critical
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver CVE-2016-0806 Critical
Elevation of Privilege Vulnerability in the Debugger Daemon CVE-2016-0807 Critical

The security bulletin outlines in detail all of the fixes along with crediting those who helped fix or identify them.

For those who want to do it, you can flash your Nexus device to this new build immediately.  If you want to wait for the OTA, it will be out in the next week or so and will start filtering to your device.  Remember, if you are on a Nexus device that is carrier locked, it will be a longer wait.