Google has today officially kicked off the rollout of the April Android Security patch with fixes for 29 different security bugs discovered by Android and Google security teams as well as other independent researchers.
The most serious issues patched in this update include a vulnerability that could enable the remote execution of code on devices with the exploit being applied through methods such as email, web browsing, an MMS messages.
Partners were notified about the issues described in the bulletin on March 16, 2016 or earlier. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository over the next 48 hours. This bulletin will be revised with the AOSP links when they are available. The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
Google is already pushing this update out via an OTA to all currently supported Nexus devices (Nexus 6P, 5X, 6, Player, 9, 5, 7 2013, and 10). Factory images are also available for download here. Blackberry has also announced that they are pushing the update to their Android smartphone, the Priv.