Every month Google has been releasing a patch to their operating system focused around fixing security issues which have been reported either internally or from outside organizations. As the month has just arrived, it is time for another security patch.
These fixes, which are still considered Android 6.0.1, will be rolling out to Nexus Player users in the coming weeks, although the factory images are available now for those who would like to flash the OS sooner.
Some of the most critical fixes come from remote execution possibilities in the mediaserver and Broadcom Wi-Fi driver. If a media file or wireless packet is designed in a particular way, it could cause arbitrary code to be run. Not only are remote execution bugs significant, but as these two components are commonly used throughout the operating system, there’s plenty of potential avenues for this bug to be exploited.
There are a few fixes for elevation of privilege in some hardware drivers and background services. These exploits could allow a local application to run arbitrary code by getting around the normal sandbox protections that would come with Android apps.