Mid-month security patch coming to Nexus devices
Those who claim that Android is not secure enough should think twice before saying that again since Google has released two security updates this month instead of one. However, the second patch comes as an emergency update and its arrival is caused by the discovery of an exploit that could compromise the Nexus 5 and Nexus 6 handsets.
According to Google's Android security advisory published on March 18th, the company "has confirmed the existence of a publicly available rooting application that abuses this vulnerability on Nexus 5 and Nexus 6 to provide the device user with root privileges." The report about the exploit in question has reached Google on March 15th, but the vulnerability was known, and a patch had been issued on March 16th to Google partners. Even more, Android has been patched to block the installation of vulnerable code via Google Play, but also outside of Google Play.
While Android devices that use Linux kernel 3.18 or higher are not vulnerable, the advisory "applies to all unpatched Android devices on kernel versions 3.4, 3.10 and 3.14, including all Nexus devices." Nexus devices should get updated today or tomorrow while third-party handsets should follow soon as well.