On Monday, Google posted the factory images for the Nexus devices with the February 1, 2016 security patch. Shortly after that, Google posted the changelog or “Nexus Security Bulletin” as they like to call it, explaining what has been changed in this update. This is the same update (along with some other bug fixes and improvements) that BlackBerry pushed out this morning to their Priv.
One of the changes here includes the exploit to bypass the setup wizard. Which is something that has been exploited on the past two security updates for the Nexus 6P (on Android 6.0 and then on Android 6.0.1). Nice to see Google getting that fixed up for us in the February update. Another fix was for the Broadcom WiFi driver, which Google lists as one of the five “critical” vulnerabilities fixed in this update. Google says that the most critical vulnerability that was fixed in this update, by the fact that remote code can be executed through e-mail, web browsing and MMS. Similar to the issue with the Broadcom WiFi driver which we already listed. There are ten vulnerabilities that Google outlined, fixed in this update. Others that haven’t been outlined have not been made public. And out of security to other devices not on this latest security patch, Google is not making them public.
In the security bulletin, Google notes that all of the vulnerabilities and changes made in this patch were sent to their partners by January 4th, 2016 at the latest. This way their partners can create their own security patch for February 2016 and get their devices patched before anything affects their devices. Google also notes that the update will be heading to AOSP (Android Open Source Project) within the next 48 hours. Shortly after that, we should see custom ROM’s updated with the latest security patch – like CyanogenMod for example.
As mentioned, factory images are already available for the Nexus 5, 5X, 6, 6P, 7 (2013), 9, 10 and Nexus Player as well as the Pixel C. Those that don’t want to wait for the security patch, you can flash the factory image now and get up to date without waiting for the OTA to arrive on your device.