Nexus devices will get a second security update this month to patch a critical exploit

Nexus device users will be aware that Google releases a new OTA update every month, to patch the OS with some security fixes.

But this is changing this month, as the Mountain View company has issued a new security advisory.

Google will be rolling out a second security update this month to patch a critical exploit. The flaw in question, is reportedly a kernel level exploit, caused by a rooting application, which uses an elevation of privilege vulnerability, thus allowing a local malicious application to execute arbitrary code in the kernel.

A reflash of the operating system will fix an affected device, and Google says that the Nexus 6 and Nexus 5 have been confirmed to be affected by this exploit. But for the attack to take place, a user will need to install the app manually.

Google says that it is blocking the installation of the apps in question, in two ways: through Google Play and also via the Verify Apps.

All unpatched versions of Android are affected by the vulnerability, and the only ones which are not are those which have the security patch dated March 18, 2016 and April 2, 2016.

Nexus devices will receive an update for patching the kernel exploit in the next few days.

via: Android and Reddit