Google (NASDAQ: GOOG) released on Monday its monthly security bulletin for Nexus devices, in which they announced a list of the security issues addressed by this April’s update. It highlighted the persistence of a major flaw qualified as critical in media server.
The team released information about the recurrent flaw that could have important repercussion in its users, like enable remote code execution on the affected device, according to the report published.
“The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files,” said the Google team.
Partners were notified of the issues described in previous bulletins and the patches for the listed problems in the report will be released to the Android Open Source Project (AOSP) repository over the next 48 hours, the company commented.
Exploitation of the published problems may represent a risk for Nexus’ users, that is why the tech giant also encouraged all users to update to the latest version of Android as soon as possible.
A serious approach to Android security
The monthly bulletins represent an effort from Google to improve mobile security by addressing Android’s software updates, focused on locking down any risks or backdoors to the system. They currently only are focused on its own line of devices: Nexus.
A support timeline was published by Google last year in which they indicated that Nexus’ devices will continue to receive major updates for at least two years, and security patches for the longer of three years from initial availability or 18 months, from the last sale of the device via the Google Store.
Others devices like Samsungs, LGs, HTCs and Motorolas stay in their complicated updates where their carrier partners get software fixes developed, tested and released, as reported by ZDNet.