In its 'Nexus Security Bulletin' for the month of November, Google has listed one of the most severe critical security vulnerabilities that can allow remote code execution on an affected device through various methods such as email, web browsing, and MMS when processing media files. Google however notes that it didn't receive any reports of active customer exploitation of the newly reported issue. The company has also revealed that partners were notified about the issues on October 5 or earlier.
Google will be releasing source code patches for the new issues to the Android Open Source Project (AOSP) repository in the next 48 hours.
The factory images for Nexus range of devices are also available on Google's Android Developers' website. Both the OTA update and factory images are for Android 6.0 Marshmallow. The Nexus 5X and Nexus 6P will get the new Android security OTA update with build MDB08M. The Nexus 5 and the Nexus 9 Wi-Fi only and LTE will receive OTA updates with build MRA58N. The Nexus 7 Wi-Fi only and LTE will get an update with build MRA58V. Nexus Player will start receiving OTA security updates with build MRA58N while the Nexus 6 will get MRA58K build.
Google's monthly security updates are for its Nexus range of devices as well as letting partner OEMs know about any new discovered vulnerability in a security bulletin every month.
Android updates take a long time before reaching handsets, and it usually happens months after Google releases an update to its partner OEMs. The update is modified accordingly by the company and is seeded to different mobile carriers across the world. The mobile carriers again tweak the UI before finally releasing the update to users. The whole process of an Android update sometimes takes almost three-six months to reach out users.