Google fixes important Android flaw that would be exploited to hack your phone remotely

Android is frequently accused of being prone to numerous protection vulnerabilities that could affect consumer privateness. While Google has taken numerous steps to make the OS safer, issues hold cropping up sometimes. This week, Google said it located a critical security vulnerability that might permit zero-click remote code execution (RCE).

Tracked as CVE-2023-40088, the flaw became determined in Android's System aspect and is rated through Google as 'Critical' severity. According to the National Vulnerability Database, the hassle arises in the course of a callback thread event of com android bluetooth btservice AdapterService.Cpp, when memory can be corrupted because of a use-after-unfastened. This ought to result in faraway code execution with out a extra privileges and without any consumer interplay.

There's no word on whether the malicious program has already been exploited in the wild, but Google says it has issued a patch to restoration the trouble as a part of the December 2023 protection bulletin. According to the release notes, the restoration is like minded only with more moderen Android versions, starting from Android 11 to Android 14.

It is worth noting here that Google issuing a patch is best the first step towards securing quit users, as every vendor or provider still has to roll out its very own update to restoration the bug. Therefore, unless you're the use of a Pixel, you may must wait several weeks for the replace, and a few devices might also in no way receive it.

In addition to the aforementioned bug, Google constant 84 extra protection vulnerabilities as part of the December update. Three of those are rated as 'Critical,' even as the relaxation are listed as 'High' severity. Several different vulnerabilities affect Qualcomm closed-source components and are described in element within the today's Qualcomm safety bulletin. One of those vulnerabilities is listed as 'Critical,' while the relaxation as rated as 'High.'

With protection turning into an increasingly more thorny problem for Android customers, Google says it is operating on new methods to reinforce the security of its mobile OS. First off, the enterprise is introducing compiler-based totally sanitizers to seize memory safety issues early on within the software program improvement procedure. Next, it is working with hardware partners to feature memory protection features at the firmware stage. Finally, the corporation is enforcing numerous measures to make it more difficult for hackers to make the most unknown insects.