Google has been issuing Android Security Bulletins on a monthly basis since August. That came on the heels of a few serious security flaws that affected the nearly 1 billion users of its Android mobile operating system.
Notably, that included the Stagefright bug that was affecting mobile devices with text messages, and other methods. This month, Google is issuing fixes for 13 bugs, including seven critical vulnerabilities, for its Nexus smartphones. It has issued fixes to its manufacturing partners.
However, so far, only Blackberry has issued a fix for its PRIV smartphones for one of these critical vulnerabilities. This one affects the media server service.
The vulnerability, which affects Android 6.0, 5.1, and 4.4.4, opens up devices to remote attacks with emails, text messages, or Web browsing. The critical vulnerability could allow remote access by hackers when you're processing media files.
Google notes that its apps, Hangouts and Messenger, don't automatically process media files on media server, as they used to.
Another critical vulnerability, the Remote Code Execution Vulnerability, affects Broadcom's Wi-Fi driver. It could allow remote code execution if a hacker is on the same network as you.
There is some good news here. Google issued an alert to its manufacturing partners about these vulnerabilities about a month ago. Plus, according to Google, "We have no reports of active customer exploitation of these newly reported issues."
Google security patches are up to date, to February 1. Google notes that devices LMY49G or newer, and Android M with security patches up to February 1, have already taken care of these issues.