Google's January security update for the Android Nexus devices patches 12 vulnerabilities, of which five were rated as critical severity, two as high, and five as moderate. The latest over-the-air (OTA) update is part of the Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY49F or later and Android 6.0 with Security Patch Level of January 1, 2016 or later address these issues.

The January update will be rolled out to supported Nexus devices -- Nexus 5, 6, 5X, and 6P smartphones and Nexus 7, 9, and 10 tablets -- as an over-the-air update. Each phone manufacturer has to work with individual phone carriers to push out individual device updates.

Android users can check the firmware version on their devices to see if the updates have been applied. Devices with builds LMY49F or later include the patches. Users with devices running Android Marshmallow can look up the Security Patch Level under Settings > About Phone.

The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

Google says it has had no reports of active customer exploitation of these newly reported issues.