Google has addressed two critical zero-day security vulnerabilities that affect Android devices with the release of a new security update, which began distribution on Monday. The tech giant has indicated that these high-severity flaws could potentially be exploited to compromise user data. One of these vulnerabilities facilitates a zero-click exploit, allowing cybercriminals to access sensitive information on a user’s device without any interaction from the user. To ensure safety, Pixel device owners are urged to install the latest security patches, while users of other smartphones will need to await updates from their device manufacturers.
Google Resolves 62 Security Issues in Android Devices
The most recent Android security update commenced its rollout to eligible devices on Monday, addressing flaws identified as CVE-2024-53150 and CVE-2024-53197, both relating to the USB subcomponent of the Android Kernel. According to Google, the latter vulnerability could enable hackers to remotely gain elevated privileges on affected smartphones without requiring any user action.
According to a report, the CVE-2024-53197 flaw was exploited in conjunction with two previously patched vulnerabilities, CVE-2024-53104 and CVE-2024-50302, to target an Android device belonging to a Serbian activist. Users who have updated their devices should be protected against similar exploits.
Details regarding how the CVE-2024-53150 vulnerability was utilized to target users remain undisclosed by Google. The NIST database description of this security flaw indicates that an out-of-bounds issue found in the USB subcomponent of the Android Kernel could lead to the disclosure of sensitive information.
In addition, Google’s April Android security bulletin has revealed that 60 other vulnerabilities, with various severity ratings, have been addressed in this update. Among these are a number of high-severity flaws that would allow hackers to elevate their privileges on unpatched devices.
Google Pixel users can download the latest Android update, which upgrades the security patch to 05-04-2024. Other smartphone users may need to wait several weeks, or in some cases months, for their respective manufacturers to push the necessary security updates to their devices. It is advisable for users to install the latest security patches as soon as they become available to remain safeguarded against the critical vulnerabilities fixed by Google.