Like clockwork, Google has also posted the security bulletin that goes along with the June 2016 update that was posted this afternoon. The security bulletin details the exploits and vulnerabilities that were fixed in this month's security update. There were 21 vulnerabilities fixed in this month's patch. Of those 21, only 6 were listed as "Critical", while 11 were listed as "High" and 4 as "Moderate" in terms of severity.
Out of those 21 vulnerabilities that were fixed, Google claims that the most severe was a vulnerability "that could enable remote code execution on an affected device through multiple methods such as email, web browsing and MMS when processing media files." This is why it is important that Google is taking the media server out of the OS layer and updating it separately with Android N. Google also notes that Google Hangouts and Messenger do not automatically pass media to processes such as Mediaserver. This Mediaserver issue comes from the Stagefright library, which is still a pretty popular focus for many security researchers. Google also says that there have been zero reports that any device has been exploited using this vulnerability or any of the others that were fixed in this update.
Another important set of fixes affects the Qualcomm Video Driver and Sound Driver. Google says that "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel." Google notes that this issue was rated as Critical because there is a possibility of a local permanent device compromise, and that compromise could require reflashing the operating system to fix.
Google has made this update available to its partners since May 2nd, which is a big reason why we've seen a few smartphones come out with the June 2016 update already, namely the Samsung Galaxy S7. Additionally, the code will be pushed to AOSP within the next 48 hours, so those who use AOSP to build custom ROMs will also have the latest security update in their custom ROM. As always, we suggest that everyone update to the latest security patch, so that your device is protected against the vulnerabilities it fixes.