An update was released on Jan. 20 for Sony's Xperia X and Xperia X Compact but don't get too excited, as the update only comes with security patches. The updates bring the build number on the devices to 34.2.A.0.292 and update the security patch level to "1 January 2017." There don't seem to be any other noteworthy changes included in the update, but Sony is among the first of the manufacturers to release the January security update to a significant number of its devices. Sony's Xperia Performance and Xperia E5 received the January security patches earlier this month, while devices from other manufacturers are also beginning to get the update.
According to the Android Open Source Project's Android Security Bulletin for January 2017, "security patch levels of 2017-01-01 or later must address" several vulnerabilities known to be common across Android devices. The 14 fixes that must be instituted include patches across 4 different types of vulnerabilities. These are remote code execution, elevation of privilege, information disclosure, and denial of service vulnerabilities. Most of the vulnerabilities were rated as high severity, with one of those being rated as critical. The final three vulnerabilities had been rated as moderate. The "1 January 2017" patch level is officially considered a partial patch by Google. It applies fixes to the most common vulnerabilities and problems found across the Android platform. "5 January 2017" – given as 2017-05-01 is considered the complete patch, but Sony Xperia X and Xperia X Compact users should not be too concerned at receiving the partial patch. The "complete" patch covers many vulnerabilities that are specific to more individual devices depending on the manufacturer, hardware, and other aspects. It is unlikely that the two Sony devices are affected by the known vulnerabilities that aren't fixed at the "1 January" Security patch level.
Vulnerabilities have been in the news quite a bit recently. The incoming "Internet of Things" is already a very big deal for 2017 – and the year is only just getting started. It is worth reiterating that there is no such thing as perfect security. However, as more and more devices connect to the web and to each other it is going to be absolutely vital for the associated hardware and software to be made as secure as possible.