Google Patches Critical Android Zero-Day Security Flaws Exploited by Hackers

Google has mounted two zero-day safety flaws affecting Android units, with the newest safety replace that started rolling out to customers on Monday. The firm says it’s conscious of the opportunity of these two high-severity vulnerabilities being exploited to focus on customers. One of the issues allows a zero-click exploit that gives hackers with entry to delicate info on a consumer’s system, with out requiring any consumer interplay. Users ought to replace their Pixel units to be sure that they’ve the newest safety patches, whereas different smartphone customers should wait till their smartphone maker rolls out these fixes.

Google Fixes 62 Vulnerabilities Affecting Android Devices

The newest Android safety replace started rolling out to eligible units on Monday, together with fixes for 2 flaws recognized as CVE-2024-53150 and CVE-2024-53197, two flaws within the USB subcomponent o f the Android Kernel. The latter might permit hackers to remotely acquire elevated privileges on an affected smartphone, and the exploit didn’t want consumer interplay, in accordance with Google.

The CVE-2024-53197 was used along with two different vulnerabilities that had been beforehand patched — CVE-2024-53104 and CVE-2024-50302 — to entry an Android smartphone used by a Serbian activist, in accordance with a report. Users with up to date smartphones must be protected in opposition to such an exploit.

There’s no phrase from Google on how the CVE-2024-53150 vulnerability was used to focus on customers. The description of the safety flaw on the NIST database reveals that an out-of-bounds flaw found within the USB subcomponent of the Android Kernel might end in delicate info disclosure.

Meanwhile, Google’s Android safety bulletin for April additionally reveals that 60 different safety vulnerabilities with various severity rankings have been patched with the newest replace. These embody a handful of high-severity flaws that allowed hackers to realize elevated privileges on an unpatched smartphone.

Google Pixel customers can obtain the newest Android replace to their smartphone, which ought to convey the safety patch to 05-04-2024. Other smartphone customers should look ahead to a number of weeks (or months in some instances) for the related safety updates to achieve their handsets within the type of a safety replace. Regardless, customers ought to set up the newest safety patches as quickly as they’re out there to be able to stay protected in opposition to the 2 essential vulnerabilities patched by Google.