As it does every month, Google has begun rolling out the October security patch to Nexus devices via OTA and factory images. Two patch levels are present this month: the first labeled October 1st (2016-10-01) and the second October 5th (2016-10-05). The latter is the stronger and more secure of the two, but manufacturers can still choose which patch level to roll out to their devices when the time comes.

Here’s the full rundown of all 17 bugs squashed in the October 1st patch:

| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Elevation of privilege vulnerability in ServiceManager | CVE-2016-3900 | High | Yes |
| Elevation of privilege vulnerability in Lock Settings Service | CVE-2016-3908 | High | Yes |
| Elevation of privilege vulnerability in Mediaserver | CVE-2016-3909, CVE-2016-3910, CVE-2016-3913 | High | Yes |
| Elevation of privilege vulnerability in Zygote process | CVE-2016-3911 | High | Yes |
| Elevation of privilege vulnerability in framework APIs | CVE-2016-3912 | High | Yes |
| Elevation of privilege vulnerability in Telephony | CVE-2016-3914 | High | Yes |
| Elevation of privilege vulnerability in Camera service | CVE-2016-3915, CVE-2016-3916 | High | Yes |
| Elevation of privilege vulnerability in fingerprint login | CVE-2016-3917 | High | Yes |
| Information disclosure vulnerability in AOSP Mail | CVE-2016-3918 | High | Yes |
| Denial of service vulnerability in Wi-Fi | CVE-2016-3882 | High | Yes |
| Denial of service vulnerability in GPS | CVE-2016-5348 | High | Yes |
| Denial of service vulnerability in Mediaserver | CVE-2016-3920 | High | Yes |
| Elevation of privilege vulnerability in Framework Listener | CVE-2016-3921 | Moderate | Yes |
| Elevation of privilege vulnerability in Telephony | CVE-2016-3922 | Moderate | Yes |
| Elevation of privilege vulnerability in Accessibility services | CVE-2016-3923 | Moderate | Yes |
| Information disclosure vulnerability in Mediaserver | CVE-2016-3924 | Moderate | Yes |
| Denial of service vulnerability in Wi-Fi | CVE-2016-3925 | Moderate | Yes |

And for good measure, here’s a list of all 31 fixes found in the October 5th patch:

| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Remote code execution vulnerability in kernel ASN.1 decoder | CVE-2016-0758 | Critical | Yes |
| Remote code execution vulnerability in kernel networking subsystem | CVE-2016-7117 | Critical | Yes |
| Elevation of privilege vulnerability in MediaTek video driver | CVE-2016-3928 | Critical | No |
| Elevation of privilege vulnerability in kernel shared memory driver | CVE-2016-5340 | Critical | Yes |
| Vulnerabilities in Qualcomm components | CVE-2016-3926, CVE-2016-3927, CVE-2016-3929 | Critical | Yes |
| Elevation of privilege vulnerability in Qualcomm networking component | CVE-2016-2059 | High | Yes |
| Elevation of privilege vulnerability in NVIDIA MMC test driver | CVE-2016-3930 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm Secure Execution Environment Communicator driver | CVE-2016-3931 | High | Yes |
| Elevation of privilege vulnerability in Mediaserver | CVE-2016-3932, CVE-2016-3933 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm camera driver | CVE-2016-3903, CVE-2016-3934 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm sound driver | CVE-2015-8951 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm crypto engine driver | CVE-2016-3901, CVE-2016-3935 | High | No |
| Elevation of privilege vulnerability in MediaTek video driver | CVE-2016-3936, CVE-2016-3937 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm video driver | CVE-2016-3938, CVE-2016-3939 | High | Yes |
| Elevation of privilege vulnerability in Synaptics touchscreen driver | CVE-2016-3940, CVE-2016-6672 | High | Yes |
| Elevation of privilege vulnerability in NVIDIA camera driver | CVE-2016-6673 | High | Yes |
| Elevation of privilege vulnerability in system_server | CVE-2016-6674 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver | CVE-2016-3905, CVE-2016-6675, CVE-2016-6676, CVE-2016-5342 | High | Yes |
| Elevation of privilege vulnerability in kernel performance subsystem | CVE-2015-8955 | High | Yes |
| Information disclosure vulnerability in kernel ION subsystem | CVE-2015-8950 | High | Yes |
| Information disclosure vulnerability in NVIDIA GPU driver | CVE-2016-6677 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm character driver | CVE-2015-0572 | Moderate | Yes |
| Information disclosure vulnerability in Qualcomm sound driver | CVE-2016-3860 | Moderate | Yes |
| Information disclosure vulnerability in Motorola USBNet driver | CVE-2016-6678 | Moderate | Yes |
| Information disclosure vulnerability in Qualcomm components | CVE-2016-6679, CVE-2016-3902, CVE-2016-6680, CVE-2016-6681, CVE-2016-6682 | Moderate | Yes |
| Information disclosure vulnerability in kernel components | CVE-2016-6683, CVE-2016-6684, CVE-2015-8956, CVE-2016-6685 | Moderate | Yes |
| Information disclosure vulnerability in NVIDIA profiler | CVE-2016-6686, CVE-2016-6687, CVE-2016-6688 | Moderate | Yes |
| Information disclosure vulnerability in kernel | CVE-2016-6689 | Moderate | Yes |
| Denial of service vulnerability in kernel networking subsystem | CVE-2016-5696 | Moderate | Yes |
| Denial of service vulnerability in kernel sound driver | CVE-2016-6690 | Low | Yes |
| Vulnerabilities in Qualcomm components | CVE-2016-6691, CVE-2016-6692, CVE-2016-6693, CVE-2016-6694, CVE-2016-6695, CVE-2016-6696, CVE-2016-5344, CVE-2016-5343 | High | No |

Give it a few days and you should start seeing the October security patch pop up on your Nexus device. If you’re not fond of waiting, you can always flash either the OTA image or factory image appropriate for your device. It’s worth noting that the Nexus 6, while it didn’t receive a Nougat-based image last month, has this month been granted its official Android 7.0 Nougat image file, which is currently based on the October 5th security patch and can be downloaded from the links above.

Thanks to Android Police, we’ve got the official build number of the image file for each device. You can view the list below.

  • Pixel C: NRD91D
  • Nexus 6P: NBD90X
  • Nexus 5X: NBD90W
  • Nexus 6: MOB31H
  • N9 Wifi: NRD91D
  • Nexus Player: NRD91D

For your convenience, we’ve included Google’s official guide on flashing a factory or OTA image to your Nexus/Pixel device below. Be sure to back up your data before attempting this method of upgrading your device as anything can happen during the process.

Flashing Instructions

To flash a device using one of the system images below (or one of your own), you need the latest fastboot tool. You can get it from one of the sources below.

Once you have the fastboot tool, add it to your PATH environment variable (the flash-all script below must be able to find it). Also be certain that you’ve set up USB access for your device, as described in the Using Hardware Devices guide.

Caution: Flashing a new system image deletes all user data. Be certain to first back up any personal data such as photos.

To flash a system image:

  1. Download the appropriate system image for your device below, then unzip it to a safe directory.
  2. Connect your device to your computer over USB.
  3. Start the device in fastboot mode with one of the following methods:
    • Using the adb tool: With the device powered on, execute: adb reboot bootloader
    • Using a key combo: Turn the device off, then turn it on and immediately hold down the relevant key combination for your device. For example, to put a Nexus 5 (“hammerhead”) into fastboot mode, press and hold Volume Up + Volume Down + Power as the device begins booting up.
  4. If necessary, unlock the device’s bootloader by running: fastboot flashing unlock
    or, for older devices, running:
    fastboot oem unlock
    The target device will show you a confirmation screen. (This erases all data on the target device.)
  5. Open a terminal and navigate to the unzipped system image directory.
  6. Execute the flash-all script. This script installs the necessary bootloader, baseband firmware(s), and operating system.

Once the script finishes, your device reboots. You should now lock the bootloader for security:

  1. Start the device in fastboot mode again, as described above.
  2. Execute: fastboot flashing lock
    or, for older devices, running:
    fastboot oem lock

Locking the bootloader will wipe the data on some devices. After locking the bootloader, if you want to flash the device again, you must run fastboot oem unlock again, which will wipe the data.
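
Once the device has rebooted, it is worth confirming that it actually reports the patch level and build you meant to install. The script below is an added example, not part of Google's guide or the original post; the function names are hypothetical, and the live mode assumes adb is on your PATH with one authorized device attached that exposes the ro.build.version.security_patch and ro.build.id properties.

```shell
#!/bin/sh
# Added example: confirm the patch level and build ID after flashing.

# is_patch_level STRING: succeeds if STRING has the form YYYY-MM-DD.
is_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# patch_level_status REPORTED REQUIRED
# Prints "ok", "outdated", or "unknown" (value missing or malformed).
patch_level_status() {
    reported=$1
    required=$2
    if ! is_patch_level "$reported" || ! is_patch_level "$required"; then
        echo unknown
        return 0
    fi
    # Patch levels are ISO dates: drop the dashes and compare as integers.
    r=$(printf '%s' "$reported" | sed 's/-//g')
    q=$(printf '%s' "$required" | sed 's/-//g')
    if [ "$r" -ge "$q" ]; then echo ok; else echo outdated; fi
}

# verify_update REQUIRED_LEVEL EXPECTED_BUILD REPORTED_LEVEL REPORTED_BUILD
# Prints a one-word verdict; returns non-zero unless both checks pass.
verify_update() {
    status=$(patch_level_status "$3" "$1")
    if [ "$status" != ok ]; then
        echo "patch-level-$status"
        return 1
    fi
    if [ "$4" != "$2" ]; then
        echo build-mismatch
        return 1
    fi
    echo verified
}

# Live use (assumes adb on PATH and one authorized device attached):
#   sh verify_update.sh --device 2016-10-05 NBD90X
if [ "${1:-}" = "--device" ]; then
    # Older adb versions end lines with CR LF, so strip the CR.
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    build=$(adb shell getprop ro.build.id | tr -d '\r')
    verify_update "$2" "$3" "$level" "$build"
fi
```

A device that reports 2016-10-01 when 2016-10-05 is required comes back as patch-level-outdated, which is the case where the kernel and driver fixes from the second table are missing.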

