- Nov 30, 2015
In keeping with their promise to make Android more secure on a monthly basis, Google's December 2015 Security Bulletin has been posted, detailing the next update and what was addressed this time around.
According to Google, partners were notified and provided updates for the December list on November 2nd. AOSP will be updated with patches over the next 48 hours, and firmware images for this update are available now on the Google Developers site. This update is marked December 1, 2015 on phones that mark security updates in settings, for example the BlackBerry Priv which has already received this update.
16 CVEs — that's Common Vulnerability and Exposures ID for those who don't speak security codenames — are addressed in this update, and according to Google there are no active reports of any active exploits through these vulnerabilities. These vulnerabilities were discovered by 11 different individuals, four of which are part of Google's Chrome Security Team or Project Zero. Details for these vulnerabilities can be found in the security bulletin, but largely the issues addressed mediaserver vulnerabilities, file manipulation leading to remote code execution, and the privilege elevation in libstagefright that caused so much concern recently.