We're a few days into a new month, which means it's time for a fresh set of security updates for the Nexus family and the Android Open Source Project (AOSP). Factory images are available for most of the actively maintained devices, though it looks like the Pixel C is still waiting its turn. OTAs should also begin rolling out shortly, if they haven't already.

Google has already posted the associated security bulletin for April's update. The list of documented issues is unusually long at 29, including several vulnerabilities that could allow for remote code execution and privilege elevation. Among them is a vulnerability that is known to have been exploited in the wild by a rooting application, prompting a mid-month security bulletin. In total, 8 items were listed as Critical, 13 as High, and the remaining 8 were Moderate.

The updated build numbers include:

  • MHC19Q for the Nexus 6P and 5X
  • MMB29X for the Nexus 6, 5, 9 LTE, and (2013) 7 Mobile
  • MOB30D for the Nexus Player, 9 Wi-Fi, and (2013) 7 Wi-Fi
  • LMY49J for the Nexus 10

As usual, Nexus owners can wait for the OTAs to roll out to their devices over the next few days. Or if you feel comfortable with manually flashing with fastboot, the factory images are readily available. The patches will probably be posted to AOSP later today, so keep an eye out for a changelog this afternoon or tomorrow.

Nexus Factory images, April 2016 Security Bulletin/source]