Google has started rolling out January security OTA (over-the-air) update for Pixel and Nexus devices. The search giant also released factory images and OTA zip files for users to manually install the latest build on their devices. Google’s January security update can be installed on devices running the latest Android Oreo version. The list of compatible devices include Pixel 2, Pixel 2 XL, Pixel, Pixel XL, Pixel C, Nexus 5X, and Nexus 6P.
The January Android security patch dated 2018-01-01 resolves 20 issues, while 18 vulnerabilities have been resolved in the 2018-01-05 security patch. The vulnerabilities range from high to critical. “The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” reads Android Security Bulletin for January 2018.
“The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed,” the bulletin adds.
Google Pixel and Nexus device users are advised to backup data before downloading and installing factory images. Google warns that installing factory image will erase all data from the device. The OTA zip files can only be downloaded on devices that have an unlocked bootloader or sideloaded on top of current software. Google’s January security update also brings with it additional security vulnerabilities and functional improvements for Pixel and Nexus devices.