Can't get latest Android patches? New CyanogenMod 13 build could be the answer

If your handset hasn't received the latest Android security patches from Google, it might be time to consider running the Android Marshmallow 6.0-based CyanogenMod, which does offer them.
Written by Liam Tung, Contributing Writer

CyanogenMod developers say this release offers all Android security bulletins up to the most recent patch level.

Image: CNET

Cyanogen Inc may have reined in its ambitions to take control of Android from Google, but Cyanogen developers are still rolling out regular updates to CyanogenMod for dozens of Android handsets.

The latest release is the CyanogenMod 13 snapshot, the most stable version of the firmware. It includes a number of new features, but the most notable are its security updates.

Google has now been providing monthly Android security patches for Nexus devices for a year and has encouraged Android handset makers to do the same. But while Samsung and LG have adopted monthly patches for premium handsets, many handsets still don't receive them.

CyanogenMod developers say this release incorporates all Android security bulletins that Google has released up to the most recent patch level of August 5, 2016.

However, it appears CyanogenMod was not able to fully address the four Qualcomm driver bugs revealed by security firm Check Point last week, known as Quadrooter.

"Of the four reported CVEs, we've been able to plug the ones that affected OSS code (ie the kernel), specifically CVE-2016-2059 and CVE-2016-5340. However, some of the reported vulnerabilities lie within OEM binary blobs, meaning we don't have source access to resolve them," CyanogenMod developers wrote.

The developers believe these bugs will persist indefinitely as it is unlikely OEMs will release the code necessary to address them. As a result, the only action users can take is to be cautious about which apps they download. Android devices can be infected if an app with Quadrooter exploits is installed.

After the Quadrooter bugs were revealed, Google said Android devices with the latest patch level of August 5, 2016, were protected against three of the four vulnerabilities.

It plans on releasing a patch for CVE-2016-5340 in a future Android security bulletin. Also, Google said its Verify Apps security feature would help block apps that exploit these bugs.

CyanogenMod developers have made available a more detailed list of feature updates for the latest snapshot build.

Read more on Cyanogen

Editorial standards