The past couple of weeks have brought many software changes to Nexus devices, starting with the now traditional monthly security patches, then a long overdue bundle of stability and performance improvements designed specifically for the 5X and 6P.
Unfortunately, something apparently messed up the two’s fingerprint scanners as well, and a system vulnerability rated as critical prompted Google to pull an unprecedented move. Repairing the flaw couldn’t wait until next month, so “supplemental Nexus updates are being created and will be released within a few days.”
Just to be clear, these are unlikely to fix your fingerprint recognition problem too. They’re solely targeted at a scary-sounding exploit that was abused in the wild to seize unlawful control over at least one Nexus 5.
The first-gen LG-made 5-incher and the Motorola-produced Nexus 6 have been confirmed as the main potential casualties of the “elevation of privilege vulnerability”, but technically, any unpatched Android device on kernel version 3.4, 3.10 or 3.14 could be susceptible to a cyber-attack.
Luckily, unless you’re extremely careless about what sort of apps you install and especially their origin, chances are you were never in any danger. That’s because an attacker needed to convince a user to manually install an unnamed publicly available rooting application with infected code, which is obviously not allowed through the Play Store, and is normally blocked outside it too courtesy of Android’s “Verify Apps” feature.
Still, better safe than sorry, and better to fully annihilate the exposure before it spreads like wildfire among sloppy Nexus 5 and 6 owners.