Summary
- Google patched two critical zero-day vulnerabilities in Android to prevent remote attacks.
- One of the vulnerabilities allowed unauthorized access to Android devices through system components.
- Ensure your Android device is updated to the latest software version to protect against potential exploits.
Your Android phone might be at risk. Security researchers have uncovered a couple of serious flaws that hackers have been actively exploiting. You’ll want to pay attention to this.
Google recently rolled out an urgent update to Android to address a pair of what are known as “zero-day vulnerabilities.” These aren’t just routine bugs; they’re security holes that were previously unknown to the developers and, worse, ones that have already been used to potentially compromise Android devices in the wild. The company itself has acknowledged that these flaws “may be under limited, targeted exploitation,” which should raise some eyebrows.
One of these critical vulnerabilities, known as “CVE-2024-53197,” was brought to light through a collaboration between Amnesty International and Benoît Sevens from Google’s Threat Analysis Group. This particular team at Google keeps an eye on cyberattacks that appear to be backed by governments. The findings from Amnesty International revealed that Cellebrite, a company known for selling phone unlocking and forensic analysis tools to law enforcement, was exploiting a chain of three zero-day vulnerabilities to gain unauthorized access to Android devices.

This vulnerability was reportedly used against a Serbian student activist. Amnesty International claims that local authorities leveraged this security flaw to target the activist’s device. This is a real-world example of how serious these zero-day vulnerabilities can be.
We don’t know as much about the second patched vulnerability (“CVE-2024-53150”). It was also discovered by Google’s Benoît Sevens, and this particular flaw resided within the kernel, which is the core of the Android operating system. A vulnerability at this level can allow attackers to gain deep control over an affected device.
Google hasn’t yet provided further comments on these specific vulnerabilities. Amnesty International also doesn’t have any additional information to share at this time. However, the gravity of the situation is clear from Google’s security advisory.
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.”
That last sentence is the most concerning. This means that a malicious actor could potentially compromise your device without you even clicking a suspicious link or installing a harmful app.
Google said it would be pushing out the source code patches for these two critical zero-days within 48 hours of its advisory. While this is good news, the patches will still need to go through the usual routine to get to your device. Because Android is an open-source operating system, the responsibility falls on phone manufacturers to take these patches and integrate them into their own software updates for their specific devices.
Google gave its Android partners a heads-up about these issues at least a month prior to public disclosure. This should give manufacturers time to prepare and roll out updates to their customers. However, it’s anyone’s guess when they’ll actually be available.
So, what should you do? The only thing you can really do is make sure your Android device is updated to the latest available software version and install any updates as soon as you can. In the meantime, it’s always a good practice to be cautious about links you click and apps you install, even though, in this particular case, no user interaction was needed for the more severe vulnerability.
Source: TechCrunch
