It's update time again, coming soon to a phone near you!
, Priv, A9, and hopefully many more users will soon (if not already) see a rollout of Security Patch Level January 1, 2016. As you're no doubt aware, this is a continued monthly effort from Google to address any and all software-related security bugs that are found within Android from experts all around the tech world. Each month we get a listing the security concerns being addressed in the update, as well as who discovered the update and where they are currently employed.
Here's what has been fixed for January:
A big focus for this month has been escalation of privilege vulnerabilities. This refers to any point in the code where something can ask for access to greater privileges than they are supposed to be granted by the operating system. Frequently, escalation-of-privilege vulnerabilities can lead to the ability to execute code that would otherwise not be allowed. In the January patch, Google is addressing escalation vulnerabilities in Bluetooth, Kernel, Setup Wizard, Wifi, Trustzone, Imagination Technologies Driver, and misc-sd driver. A remote code execution vulnerability in the Mediaserver was also addressed in this patch, as well as a denial of service vulnerability in Bouncy Castle. Finally, there was an attack surface reduction for Nexus kernels.
