In its 'Nexus Security Bulletin' for the month of January, Google has listed one of the most severe vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files. The company however said that it received no reports of active customer exploitation of the newly reported issues.
Some of the other critical security vulnerabilities listed by Google include elevation of privilege vulnerability in misc-sd driver, elevation of privilege vulnerability in the imagination technologies driver, elevation of privilege vulnerabilities in trustzone, and elevation of privilege vulnerability in kernel. The company also revealed that partners were notified about the issues on December 7 or earlier. Google will be releasing source code patches for the new issues to the Android Open Source Project (AOSP) repository in the next 48 hours.
Unlike the December security update, the January Android security update is purely focused on security fixes.
The factory images for Nexus range of devices are also available on Google's Android Developers' website. Both the OTA update and factory images are for devices running Android 6.0 Marshmallow. The Nexus 5X and Nexus 6P will get the new Android security OTA update with build MMB29P. The Nexus 5 and the Nexus 9 Wi-Fi only and LTE will receive OTA updates with build MMB29S. The Nexus 7 Wi-Fi only and LTE will get an update with build MMB29O. Nexus Player will start receiving OTA security updates with build MMB29T while the Nexus 6 will get MMB29S build.