When it comes to Android, security has been a top priority for Google. Not only the manufacturers or developers, security is an attribute that concerns the users the most. The September Security Bulletin is live, and the corresponding factory images and full OTA images are available for downloads.

In these updates, Google aims at improving their device’s security by fixing bugs that could risk the security aspect.


September Security Bulletin – 2016


This month’s bulletin refers to three levels of security patches that will assist the Android manufacturers to quickly adapt these new fixes.

  • 2016-09-01 (Partial patch level fix): Fixed all issues associated with 2016-09-01 and previous patch levels.
  • 2016-09-05 (Partial patch level fix): Fixed all the issues associated with 2016-09-05, 2016-09-01, and previous patch levels.
  • 2016-09-06 (Complete patch level fix): Addressed issues that manufacturers found after the previous two patch strings.

There is a huge list of critical and high level fixes that have been made this month.

2016-09-01 Security Patch Level

Issue Severity
Remote code execution vulnerability in LibUtils Critical
Remote code execution vulnerability in Mediaserver Critical
Remote code execution vulnerability in MediaMuxer High
Elevation of privilege vulnerability in Mediaserver High
Elevation of privilege vulnerability in device boot High
Elevation of privilege vulnerability in Settings High
Denial of service vulnerability in Mediaserver High

2016-09-05 Security Patch Level

Issue Severity
Elevation of privilege vulnerability in kernel security subsystem Critical
Elevation of privilege vulnerability in kernel networking subsystem Critical
Elevation of privilege vulnerability in kernel netfilter subsystem Critical
Elevation of privilege vulnerability in kernel USB driver Critical
Elevation of privilege vulnerability in kernel sound subsystem High
Elevation of privilege vulnerability in kernel ASN.1 decoder High
Elevation of privilege vulnerability in Qualcomm radio interface layer High
Elevation of privilege vulnerability in Qualcomm subsystem driver High
Elevation of privilege vulnerability in kernel networking driver High
Elevation of privilege vulnerability in Synaptics touchscreen driver High
Elevation of privilege vulnerability in Qualcomm camera driver High
Elevation of privilege vulnerability in Qualcomm sound driver High
Elevation of privilege vulnerability in Qualcomm IPA driver High
Elevation of privilege vulnerability in Qualcomm power driver High
Elevation of privilege vulnerability in Broadcom Wi-Fi driver High
Elevation of privilege vulnerability in kernel eCryptfs filesystem High
Elevation of privilege vulnerability in NVIDIA kernel High
Elevation of privilege vulnerability in Qualcomm Wi-Fi driver High
Denial of service vulnerability in kernel networking subsystem High
Denial of service vulnerability in kernel ext4 file system High

2016-09-06 Security Patch Level

Issue Severity
Elevation of privilege vulnerability in kernel shared memory subsystem Critical
Elevation of privilege vulnerability in Qualcomm networking component High

All these security issues have been addressed with the September Security Bulletin, along with the other moderate severity issues. For the complete list of fixed vulnerabilities, refer to the Android Security Bulletin page.

The update has started to roll-out through OTA updates. You can also download the factory and full OTA images from the Google Developers website for manual flashing. Refer to the links below for instructions on how to flash.

How to Flash Factory Image on Nexus Devices

How to Sideload OTA Updates on Nexus Devices

Sad to say, but there is still no sign of Nougat Factory Images for Nexus 6P, Nexus 6, and Nexus 9. We dearly hope that Google will soon update us with the final Nougat factory images and full OTA updates.