Several important security updates have been recently released for Android users

In its June Android update, released on June 7, Google has fixed 40 vulnerabilities, eight of which are rated critical. Once again, the security update includes a familiar set of flaws, with media server issues and Qualcomm drivers topping the list.

In fact, six of the eight critical issues were found in Qualcomm drivers: CVE-2016-2062, CVE-2016-2464, CVE-2016-2465, CVE-2016-2466, CVE-2016-2467 and CVE-2016-2468. The flaws were found in the Qualcomm video, sound, GPU and WiFi driver components that are integrated with hundreds of millions of Android devices. All six vulnerabilities are privilege escalation issues that could potentially enable a malicious application to execute arbitrary code.

Google also once again had to patch vulnerabilities in its much maligned media server component. In the June update, Google patched 15 vulnerabilities in media server, including one critical remote code execution vulnerability (CVE-2016-2463), 12 high-impact privilege escalation flaws, one high-impact denial-of-service flaw (CVE-2016-2495) and a moderate impact information disclosure vulnerability (CVE-2016-2500).

With the 40 vulnerabilities fixed in the June update, Google has now patched at least 163 vulnerabilities so far in 2016. A key challenge, however, is getting handset vendors to implement all those patches and making them available to end users.

Google’s supported Nexus phones all get the Android updates relatively quickly after each monthly update is issued, but other Android phones have not been quite as fortunate. Google is now working on a plan to publicly pressure handset vendors that don’t make updates available quickly for end users and is planning to integrate a more robust updating system that helps keep devices up to date with patching.