Stagefright was the scariest Android vulnerability to come along in some time.The publicity got the Android device ecosystem—Google, OEMs, and carriers—to at least start paying attention to delivering security updates to users in a timely manner. Google, Samsung, and LG scrambled to get fixes out to their flagship devices and promised monthly security updates for their devices. That was 36 days ago. Today, Google has posted the first of those monthly security updates for Nexus device owners. The Nexus system image page added Android 5.1.1 build “LMY48M” for the Nexus 4, 5, 6, 7, 9, and 10, along with build “LMY48N” for the Android TV-based Nexus Player. LMY48M hit Google’s public AOSP repository on Wednesday.
Our friends at Android Police cobbled together a changelog, which contains a few security fixes, including a “Moderate severity vulnerability” that allowed apps to bypass the SMS short code notification prompt that warned users that short codes can cost them money.
View full story