Google has released 16 patches for Android, including one for a critical remote-execution vulnerability in the operating system’s media server.
The company’s own Nexus devices will receive an over-the-air update.

Google’s partners have had at least a month to prepare they own versions of the updates.

Android device release updates independently of Google, and are often also constrained by their carriers’ schedules.
The vulnerabilities in the media server could be exploited if malicious content is displayed or played on a device, such as from an MMS message, email, or browser, Google’s advisory said.
A string of vulnerabilities has been found in Android media playback software since last year, most notably the Stagefright bug. 
That flaw could have allowed an attacker to compromise a device just by sending a malicious MMS.

A successful compromise required an attacker only to know the victim’s phone number.
The severity of Stagefright prompted Google to move to a monthly patching schedule to address long-running concerns that Android was not regularly fixed.
Samsung and LG, both major Android manufacturers, also pledged to improve the speed at which security fixes are applied. Mobile devices, particularly those running Android, are a frequent target for cyberattacks.
The other patches released by Google include five critical ones, eight rated as high-severity, and two considered moderate.
The source code for the fixes will be published on the Android Open Source Project repository this week. Users who don’t want to wait for an over-the-air update can download and install the Nexus firmware images directly.