Google Patches Critical Android Zero-Day Security Flaws Exploited by Hackers

Google has mounted two zero-day safety flaws affecting Android units, with the most recent safety replace that started rolling out to customers on Monday. The firm says it’s conscious of the opportunity of these two high-severity vulnerabilities being exploited to focus on customers. One of the issues allows a zero-click exploit that gives hackers with entry to delicate info on a person’s gadget, with out requiring any person interplay. Users ought to replace their Pixel units to make it possible for they’ve the most recent safety patches, whereas different smartphone customers should wait till their smartphone maker rolls out these fixes.

Google Fixes 62 Vulnerabilities Affecting Android Devices

The newest Android security update started rolling out to eligible units on Monday, together with fixes for 2 flaws recognized as CVE-2024-53150 and CVE-2024-53197, two flaws within the USB subcomponent o f the Android Kernel. The latter might enable hackers to remotely achieve elevated privileges on an affected smartphone, and the exploit didn’t want person interplay, in line with Google.

The CVE-2024-53197 was used along side two different vulnerabilities that have been beforehand patched — CVE-2024-53104 and CVE-2024-50302 — to entry an Android smartphone utilized by a Serbian activist, in line with a report. Users with up to date smartphones ought to be protected towards such an exploit.

There’s no phrase from Google on how the CVE-2024-53150 vulnerability was used to focus on customers. The description of the safety flaw on the NIST database reveals that an out-of-bounds flaw found within the USB subcomponent of the Android Kernel might lead to delicate info disclosure.

Meanwhile, Google’s Android safety bulletin for April additionally reveals that 60 different safety vulnerabilities with various severity rankings have been patched with the most recent replace. These embrace a handful of high-severity flaws that allowed hackers to realize elevated privileges on an unpatched smartphone.

Google Pixel customers can obtain the most recent Android replace to their smartphone, which ought to carry the safety patch to 05-04-2024. Other smartphone customers should anticipate a number of weeks (or months in some circumstances) for the related safety updates to succeed in their handsets within the type of a safety replace. Regardless, customers ought to set up the most recent safety patches as quickly as they’re obtainable with a view to stay protected towards the 2 essential vulnerabilities patched by Google.