• Source:JND

Android Security Update: Google has rolled out a fresh Android security update, patching two critical zero-day vulnerabilities that could have exposed user data without any action required from the victim. The update, which began reaching users on Monday, addresses high-risk flaws in the USB components of the Android kernel, issues that Google confirmed may have already been exploited in the wild.

One of the flaws, CVE-2024-53197, is especially dangerous. It allows for a “zero-click” exploit, meaning hackers could gain elevated access to a device remotely, without the user tapping or clicking anything. According to reports, this exploit was used alongside two previously fixed vulnerabilities (CVE-2024-53104 and CVE-2024-50302) to compromise the phone of a Serbian activist. The second flaw, CVE-2024-53150, is tied to an out-of-bounds issue in the USB subsystem that could expose sensitive information. Google hasn’t released details on how this one may have been used, but it’s also considered a high-severity threat.


In total, this month’s Android security bulletin includes patches for 62 vulnerabilities of varying severity, some of which could have allowed attackers to escalate privileges on an affected device.

Pixel users are the first to receive the April 5th, 2024 patch and are encouraged to update their devices right away. Unfortunately, users on other Android phones will have to wait for their manufacturers to push the update—which could take weeks, or even months, depending on the brand and model.

While the fragmented nature of Android updates remains a pain point, the message is clear: once your device gets this patch, install it immediately. These vulnerabilities are serious, and the sooner you update, the safer your device will be.
