In this day and age, mobile security is increasingly important, and that has never been more clear with the discovery of things like the StageFright bug. Earlier this year Google announced they would be doing monthly security updates for supported Nexus devices which also includes the Nexus Player, and earlier this week the most recent of those security updates started coming through to those devices which are supported. Both the over-the-air update as well as the factory images have been available for days now, meaning anyone who wanted to flash the software on their own manually could do so without having to wait for Google to push the software to them.
As of this afternoon Google posted a changelog of what the security updates included with a brief description of what the bugs were that were patched as well as the severity of each bug on the list and whether or not there were any active exploitations. Right off the bat out of all eight vulnerabilities, only one had an active exploitation which was the “elevation of privilege vulnerability in kernel.” This is one of the two critical level vulnerabilities that were fixed, and has to do with the libstagefright bug inside of the Android media library. The other critical vulnerability which was fixed was also in regards to the libstagefright.
With these two critical issues fixed, those Nexus devices which are already on this latest version of software should now be protected from the stagefright bug which opened them up to possible malicious activity from individuals via code sent through multimedia messages. While Google has patched the supported list of Nexus devices, there are still plenty of other OEM devices which have yet to receive their security updates. The good news is that Google is still working with OEM partners to get those bug fixes out to users. In the meantime, what’s always been recommended is to disable to automatic downloading of MMS messages inside whatever default messaging app you use for texting. Keep in mind that those who are using a supported Nexus device for these security updates can still flash the factory images manually if your device has not yet received the OTA.