April Android Security Update Addresses Multiple Critical Issues

The April security update for Android was announced last week along with the factory images of the new build being available.  For most Nexus device users, the OTA updates will start rolling out this week if you are not carrier locked.  If you are, it could be a few more weeks after that.  Along with the images, Google has released the Security Bulletin for the update too and it has a wealth of information on what was fixed in the update.

From the Bulletin, there were a total of 8 critical updates fixed in the April update, most having to do with remote code execution vulnerabilities.  There was also a fix for the kernel execution issue

Android Marshmallow Icon Screen
Android Marshmallow

which I posted on last month.  In addition to these critical updates, there were 13 high priority updates with most of those focused on elevation of privileges within Android.  Finally, there were 8 moderate issues fixed in the update.  Here is the complete rundown along with Common Vulnerability and Exposures ID (CVE):

Remote Code Execution Vulnerability in DHCPCD CVE-2016-1503
CVE-2014-6060
Critical
Remote Code Execution Vulnerability in Media Codec CVE-2016-0834 Critical
Remote Code Execution Vulnerability in Mediaserver CVE-2016-0835
CVE-2016-0836
CVE-2016-0837
CVE-2016-0838
CVE-2016-0839
CVE-2016-0840
CVE-2016-0841
Critical
Remote Code Execution Vulnerability in libstagefright CVE-2016-0842 Critical
Elevation of Privilege Vulnerability in Kernel CVE-2015-1805 Critical
Elevation of Privilege Vulnerability in Qualcomm
Performance Module
CVE-2016-0843 Critical
Elevation of Privilege Vulnerability in Qualcomm RF Component CVE-2016-0844 Critical
Elevation of Privilege Vulnerability in Kernel CVE-2014-9322 Critical
Elevation of Privilege Vulnerability in IMemory Native Interface CVE-2016-0846 High
Elevation of Privilege Vulnerability in Telecom Component CVE-2016-0847 High
Elevation of Privilege Vulnerability in Download Manager CVE-2016-0848 High
Elevation of Privilege Vulnerability in Recovery Procedure CVE-2016-0849 High
Elevation of Privilege Vulnerability in Bluetooth CVE-2016-0850 High
Elevation of Privilege Vulnerability in Texas Instruments Haptic Driver CVE-2016-2409 High
Elevation of Privilege Vulnerability in a Video Kernel Driver CVE-2016-2410 High
Elevation of Privilege Vulnerability in Qualcomm
Power Management Component
CVE-2016-2411 High
Elevation of Privilege Vulnerability in System_server CVE-2016-2412 High
Elevation of Privilege Vulnerability in Mediaserver CVE-2016-2413 High
Denial of Service Vulnerability in Minikin CVE-2016-2414 High
Information Disclosure Vulnerability in Exchange ActiveSync CVE-2016-2415 High
Information Disclosure Vulnerability in Mediaserver CVE-2016-2416
CVE-2016-2417
CVE-2016-2418
CVE-2016-2419
High
Elevation of Privilege Vulnerability in Debuggerd Component CVE-2016-2420 Moderate
Elevation of Privilege Vulnerability in Setup Wizard CVE-2016-2421 Moderate
Elevation of Privilege Vulnerability in Wi-Fi CVE-2016-2422 Moderate
Elevation of Privilege Vulnerability in Telephony CVE-2016-2423 Moderate
Denial of Service Vulnerability in SyncStorageEngine CVE-2016-2424 Moderate
Information Disclosure Vulnerability in AOSP Mail CVE-2016-2425 Moderate
Information Disclosure Vulnerability in Framework CVE-2016-2426 Moderate
Information Disclosure Vulnerability in BouncyCastle CVE-2016-2427 Moderate

For some readers this will not be all that interesting.  However, the takeaway for everyone is that Google is continually working on improving Android and making it more secure.