Google continues to keep Android secure by issuing another security patch for Android. Nexus owners, including the Nexus Player, should be getting a series of OTA updates within the next couple of days. This version, still 6.0.1, seems at first glance to only contain security fixes.
Nexus Player owners have been having color issues on Marshmallow. Although Google has found the issue and fixed it, they were waiting until after the holidays to roll it out. Some users have confirmed that this patch fixes the color issues.
The security issues fixed, as published in a security bulletin, show a handful of problems, most of which deal with elevation of privilege.
Android TV owners may have been affected by issues in the mediaserver library. A particular file may have caused memory corruption and allowed an attacker to have remote code execution. As the mediaserver is used for a lot of audio and video playback, there are many opportunities for an attack to occur. Web browsing is the biggest potential issue, where users will be the most exposed to untrusted media.
Another security issue comes from the DRM Widevine, which could allow an application to run arbitrary code and require the device’s OS to be reflashed to repair the issue.
The factory image for the Nexus Player has been uploaded and is now available for you to flash if you’re impatient.