With fixes for 39 vulnerabilities in Android, the April Nexus Security Bulletin is the largest security update from Google since the company began the monthly update process eight months ago.
Google fixed 15 vulnerabilities rated as critical, 16 rated as high, and eight as moderate in the latest monthly bulletin, across 26 different components, including DHCPCD, Mediaserver, Bluetooth, Exchange ActiveSync, Wi-Fi, Telephony, media codec, video kernel driver, and Debuggerd. The update also covers the March 18 out-of-band emergency patch fixing a local privilege escalation flaw in the Android kernel.
Security flaws need to be patched, and there must be a better way to let Android devices receive regular updates. But so long as the cost of developing exploits for each Android permutation remains high, new vulnerabilities will not result in the sky falling for the unpatched masses.
Submitted by: Arnfried Walbrecht