As is typically the case within the first few days of each month, Google has begun rolling out an update to Pixel and Nexus devices. Although unlike other updates, this one will bring the operating system up to Android 7.1.1. So far, the update seems to be rolling out to all Pixel devices, that is, those directly from Google and also those from Verizon. In terms of the update and besides the upping of the system to 7.1.1., it also seems as though the details on what has been fixed, prevented or patched, has also now come to light – as Google has now released the details for the December 2016 security patches included within this update.
According to the newly-released security bulletin from Google, and consistent with the most recent monthly security updates, the current update in progress includes two main security patch strings. The first of which is 2016-12-01. This is a partial security patch level string and includes fixes for all issues associated up to and including 2016-12-01. In contrast, 2016-12-05 is the full and complete security patch level string to date and includes fixes for all issues relevant to both 2016-12-01 and 2016-12-05. As is to be expected, Google does note that all "supported Google devices" are receiving the latest security patche(s) as part of the single OTA update which was released this morning and will come with a security patch level of 'December 5, 2016'. Also as to be expected, the level of patching for other devices will be dependent on future updates rolling out from manufacturers and/or carriers.
In terms of the differences between 2016-12-01 and 2016-12-05, according to the detailed list, the 2016-12-05 includes a number of 'critical' issues and in particular seems to include a number of fixes for NVIDIA drivers, including a vulnerability for the NVIDIA GPU driver and a vulnerability for the NVIDIA video driver. Although the number of critical and high priority issues being patched are far more extensive than the two NVIDIA ones mentioned. While the 2016-12-01 patching includes a number of high and moderate rated fixes and largely consists of 'elevation of privilege' and 'denial of service' vulnerabilities. Those interested in seeing the full list of fixes and patches for both strings, can do so by heading through the link below.