Google Rolls Out Update to Address Two Android Zero-Day Bugs

Google urgently repairs two key zero-day vulnerabilities in the Android system to prevent remote attacks. One of the vulnerabilities allows an attacker to access an Android device through unauthorized system components. Please update your Android device to the latest software version immediately to prevent potential vulnerabilities.

Your Android phone may be at risk. Security researchers have discovered some serious system vulnerabilities that hackers are actively exploiting for attacks. Be sure to pay attention to this issue.

Google recently released an urgent Android system update to resolve two "zero-day vulnerabilities". These are not ordinary software errors, but security vulnerabilities that were previously unknown to developers, and worse, these vulnerabilities have been used for actual attacks and may have caused some Android devices to be compromised. Google acknowledges that these vulnerabilities “may be subject to limited, targeted exploitation”, which should be taken seriously.

One of the key vulnerabilities, called "CVE-2024-53197", was discovered by Amnesty International and Benoît Sevens of Google's Threat Analysis Team. This team at Google focuses specifically on cyberattacks that seem to be backed by the government. Cellebrite, a company that sells mobile phone unlocking and forensic analysis tools to law enforcement, is leveraging three zero-day vulnerability chains to unauthorized access to Android devices, according to the results of Amnesty International.

Related##### Why are there so many zero-day vulnerabilities?

Cyber ​​criminals exploit zero-day vulnerabilities to hack computers and networks. Zero-day exploits seem to be increasing, but is that true? Can you protect yourself? We will dig into these details in depth.

The vulnerability was reportedly used to attack a Serbian student activist. The group claims local authorities used the security breach to attack its devices. This is a real-world example of the severity of these zero-day vulnerabilities.

The second fixed vulnerability ("CVE-2024-53150") has less information. It was also discovered by Google's Benoît Sevens, a vulnerability that exists in the core of the Android operating system, the kernel. This level of vulnerability could allow an attacker to gain deep control of the affected device.

Google has not commented on such vulnerabilities yet. Amnesty International has no more information to share at the moment. However, the severity of the situation can be seen from Google's security announcements.

The most serious of these issues is a critical security vulnerability in system components that can lead to remote permission elevation without any additional execution permissions. Vulnerability exploits require no user interaction.

The last sentence is the most worrying. This means that malicious actors can hack your device without even clicking on suspicious links or installing harmful applications.

Google said it will release source code patches for the two key zero-day vulnerabilities within 48 hours of issuing the security announcement. While this is good news, it still needs to go through the regular process to get to your device. Since Android is an open source operating system, it is the responsibility of mobile phone manufacturers to obtain these patches and integrate them into their software updates for specific devices.

Google has informed its Android partners about these issues at least a month ago to give manufacturers time to prepare and roll out updates to customers. However, it is not yet certain when these updates will be available.

So, what should you do? The only thing you can do is make sure your Android device has been updated to the latest available software version and install any updates as soon as possible. At the same time, it is always a good practice to develop the habit of clicking on links and installing applications, even in this particular case, more serious vulnerabilities do not require user interaction.

The above is the detailed content of Google Rolls Out Update to Address Two Android Zero-Day Bugs. For more information, please follow other related articles on the PHP Chinese website!