It's the first Monday of the month, and that means another batch of patches for Android, fixing flaws that can be exploited by apps and webpages to hijack devices.

As usual, if you're not using a Google Nexus device, you're at the mercy of your manufacturer and phone carrier to approve and distribute these updates, which may take some time. Although Google Play Services on Android gadgets can install updates quietly in the background direct from Google, it can't reach the lowest levels of the operating system – which is precisely where these bugs lurk. Nexus devices get their updates straight from Google.

Of the eight critical flaws fixed this month, six are present in Qualcomm-powered phones and fondleslabs: two in each of its sound and GPU drivers, and one in each of the firm's video and Wi-Fi drivers. All six allow apps installed on the devices to enter kernel space and completely hijack the gadget to steal passwords and spy on victims.

If a handheld is infected with malware via one of these vulnerabilities, you'll need to do a complete wipe and reflash of the firmware to remove the software nasty.

The other two critical patches this month, as well as the bulk of lesser-severity patches, cover Android's Mediaserver and libwebm code. Specially crafted audio and video files viewed on a vulnerable device – imagine receiving an MMS text or viewing a web page booby-trapped with an evil video – can exploit these holes to execute malicious code with high privileges on the device.

Ten of the remaining 32 high- and moderate-severity flaw fixes also cover Qualcomm kit, with Broadcom's dodgy Wi-Fi drivers contributing another couple and Nvidia's camera driver also showing problems. These holes can be potentially abused by apps to gain extra permissions to snoop on owners or cause trouble.

Twelve of these lower-ranked flaws in Mediaserver cover malicious apps being able to gain Signature or SignatureOrSystem privileges on the device, as does one flaw in the SD card emulation layer of Android. This could allow a specially crafted app with the right system image certification to run code without asking the user first.

Google is well aware of the problems with its Mediaserver. The Chocolate Factory is addressing the problem in the forthcoming Android N by rewriting and siloing the operating system's media handling components.

This month's security bugs are present in Android versions 4.4.4 (32.5 per cent of devices), 5.0.2 (16 per cent), 5.1.1 (19 per cent), 6.0 and 6.0.1 (7.5 per cent). Earlier builds are no longer supported. Although Google only lists which Nexus models are affected in its security advisory, other manufacturers' phones are also affected.

Android does feature various mechanisms – such as ASLR – to block the exploitation of security bugs, although they can be potentially sidestepped.

You can see the full list here. Get busy patching – if you can – because you can be sure miscreants will be finding new ways to exploit these programming cockups. ®

| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2016-2463 | Critical | Yes |
| Remote Code Execution Vulnerabilities in libwebm | CVE-2016-2464 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Video Driver | CVE-2016-2465 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Sound Driver | CVE-2016-2466, CVE-2016-2467 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm GPU Driver | CVE-2016-2468, CVE-2016-2062 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm WiFi Driver | CVE-2016-2474 | Critical | Yes |
| Elevation of Privilege Vulnerability in Broadcom WiFi Driver | CVE-2016-2475 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Sound Driver | CVE-2016-2066, CVE-2016-2469 | High | Yes |
| Elevation of Privilege Vulnerability in Mediaserver | CVE-2016-2476, CVE-2016-2477, CVE-2016-2478, CVE-2016-2479, CVE-2016-2480, CVE-2016-2481, CVE-2016-2482, CVE-2016-2483, CVE-2016-2484, CVE-2016-2485, CVE-2016-2486, CVE-2016-2487 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Camera Driver | CVE-2016-2061, CVE-2016-2488 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Video Driver | CVE-2016-2489 | High | Yes |
| Elevation of Privilege Vulnerability in NVIDIA Camera Driver | CVE-2016-2490, CVE-2016-2491 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm WiFi Driver | CVE-2016-2470, CVE-2016-2471, CVE-2016-2472, CVE-2016-2473 | High | Yes |
| Elevation of Privilege Vulnerability in MediaTek Power Management Driver | CVE-2016-2492 | High | Yes |
| Elevation of Privilege Vulnerability in SD Card Emulation Layer | CVE-2016-2494 | High | Yes |
| Elevation of Privilege Vulnerability in Broadcom WiFi Driver | CVE-2016-2493 | High | Yes |
| Remote Denial of Service Vulnerability in Mediaserver | CVE-2016-2495 | High | Yes |
| Elevation of Privilege Vulnerability in Framework UI | CVE-2016-2496 | Moderate | Yes |
| Information Disclosure Vulnerability in Qualcomm WiFi Driver | CVE-2016-2498 | Moderate | Yes |
| Information Disclosure Vulnerability in Mediaserver | CVE-2016-2499 | Moderate | Yes |
| Information Disclosure Vulnerability in Activity Manager | CVE-2016-2500 | Moderate | Yes |