As part of their monthly security update plan, Google has released the March 2016 security update for both Android Lollipop and Android Marshmallow today. Both updates have had their factory images posted on the Android developer site while the OTA updates are also shipping today for Nexus devices. Users can expect to see the update hit their unlocked Nexus devices over the course of the next few days and maybe up to a week as it rolls out.
In the Security Bulletin for the update, Google outlines that 19 significant issues are addressed in this update, 6 of which were considered critical. Here is the rundown of all of the issues addressed.
Android Marshmallow
| Issue | CVE | Severity |
|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2016-0815 CVE-2016-0816 |
Critical |
| Remote Code Execution Vulnerabilities in libvpx | CVE-2016-1621 | Critical |
| Elevation of Privilege in Conscrypt | CVE-2016-0818 | Critical |
| Elevation of Privilege Vulnerability in the Qualcomm Performance Component |
CVE-2016-0819 | Critical |
| Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver | CVE-2016-0820 | Critical |
| Elevation of Privilege Vulnerability in Keyring Component | CVE-2016-0728 | Critical |
| Mitigation Bypass Vulnerability in the Kernel | CVE-2016-0821 | High |
| Elevation of Privilege in MediaTek Connectivity Driver | CVE-2016-0822 | High |
| Information Disclosure Vulnerability in Kernel | CVE-2016-0823 | High |
| Information Disclosure Vulnerability in libstagefright | CVE-2016-0824 | High |
| Information Disclosure Vulnerability in Widevine | CVE-2016-0825 | High |
| Elevation of Privilege Vulnerability in Mediaserver | CVE-2016-0826 CVE-2016-0827 |
High |
| Information Disclosure Vulnerability in Mediaserver | CVE-2016-0828 CVE-2016-0829 |
High |
| Remote Denial of Service Vulnerability in Bluetooth | CVE-2016-0830 | High |
| Information Disclosure Vulnerability in Telephony | CVE-2016-0831 | Moderate |
| Elevation of Privilege Vulnerability in Setup Wizard | CVE-2016-0832 | Moderate |
The post goes on to explain in detail several of the critical issues for those who are interested in reading the gory bits.
Keep in mind that if your device is locked to a carrier that it could be several weeks or even months before you see the update. Only unlocked Nexus devices will see the update quickly.
