Android is urging its users to update their phones immediately after finding bugs that have been exploited by hackers.
On Monday (April 8), Google released an update for Android in order to fix the issue.
In a post, it read that the update made ‘Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform’.
The post added: “We encourage all users to update to the latest version of Android where possible.”
Advert
The tech giant warned that the bugs ‘may be under limited, targeted exploitation’, meaning it is aware of hackers using the bug to infiltrate Android phones.
In its advisory to customers, Google said that ‘the most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed’.
It also revealed that ‘user interaction is not needed for exploitation’, with the two cyber bugs being known to Google as CVE-2024-53150 and CVE-2024-53197.
Android partners are given a month’s notice of all issues with the system at least one month before publication.
Google said in its statement that it intends to push source code patches for the bugs within 48 hours.
However, due to Android being open source, this means that every phone manufacturer will now also need to push out patches to their users for the bug fix.
Now, Android users are being urged to update their devices immediately.
Speaking to the Sun, Adam Boynton, who is the senior security strategy manager at software firm Jamf, said: “With two vulnerabilities currently being exploited by cyber criminals, it’s absolutely essential that Android users update their devices immediately.”
He went on to say: “CVE-2024-53150 would allow an attacker to access sensitive information without user interaction.
“While CVE-2024-53197 could lead to memory corruption or even privilege escalation if exploited by attackers.”
According to a report by Amnesty International, one of these vulnerabilities was being exploited by hackers to target the phone of a Serbian student activist.
In the report, the organization said: “Amnesty International’s Security Lab, in collaboration with Amnesty’s European Regional Office, has uncovered a new case of misuse of a Cellebrite product to break into the phone of a youth activist in Serbia.”
It added: “This technical briefing provides a detailed analysis of how the Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite.”