Google made an announcement recently that they will be rolling out the February security OTA (Over-the-air) updates for its Nexus lines of phones, starting from Nexus 7, Nexus 5, Nexus 6, Nexus 5x and Nexus 6P.
Google addressed a critical security hole where one can enable remote code in an affected nexus device via email, web browser and MMS during media file processing. There was also a vulnerability with its Broadcom’s WiFi driver. The update fixes a total of five critical security vulnerabilities, two of which are for Android Media server. For High-level and one moderate-level security vulnerabilities have been patched via the update as well.
The moderate-level vulnerability is in the setup wizard where the attacker can bypass a factory reset protection and successfully gain control of the device. The only reason this is marked as moderate is because it requires the attacker to have a physical access with the Nexus device.
The update is to be identified as Android 6.0.1 Marshmallow build number MMB29Q. Google also assured that these vulnerabilities are not being exploited as of now, but seriously recommends to update the device.