Table of Contents
The tech giant and the creator of the system software ‘Android’, Google, has urged the android smartphone users to update to the latest security patch that they have rolled out for the purpose of keeping them safe during zero-day vulnerability.
The zero day exploitations are computer codes taking advantage of the software. The android software with their open source nature and availability in abundance, they are the go-to target for hackers and cyber criminals alike.
These zero-day vulnerabilities happen when in this case, Google suffers with a bug which gives the hackers a window of opportunity to abuse it. In fact, these zero-day vulnerabilities take up a major chunk of the cyber attacks that happen. A report by SEQRITE, states that up to 30% of the malware attacks occur from zero-day exploits.
It is not of common knowledge that these vulnerabilities are not discovered by the manufacturers or the vendors but may have already been exploited by the threat actors and cybercriminals.
These are the reasons why Google has specifically urged their android users to update their devices to the latest security patch to fix the zero-day vulnerabilities.
Source: Zero-Day Vulnerability
According to a report by HackerNews, Google has stated in their Android Security Bulletin for the month of September 2024 that a critical vulnerability ’CVE-2023-35674’ has been revealed in the android framework and the system components. Google did not reveal as to how the exploitation will occur by the cyber criminals, but they did state that there are certain indicators about how ‘CVE-2023-35674’ is being exploited in a limited yet targeted manner.
Other Flaws in the System
Apart from the vulnerability stated above, this month’s security patch also fixes other escalated flaws in the android framework. Google states that the most severe exploitation of the android framework in zero-day may lead to the escalation of privileges at the local level with no surplus execution privileges needed. On top of that, user interaction is not required for this purpose.
Possible Critical Flaws
On the other hand, the most critical of flaws in the system/framework may lead to remote (proximal/adjacent) code execution with no surplus execution privileges needed. Here as well, user interaction is not a requisite.
The report further elaborates on how Google has fixed 2 vulnerabilities in MediaProvider, 7 in the framework of android and 14 in the system module. However, the fix for the former will be rolled out later in a Google Play update.
Therefore, the android software users are advised to update their devices as soon as they can to avoid exploitation by cybercriminals, hackers and thread actors alike.
Previous Accounts of Zero-Day
Earlier accounts of zero-day vulnerabilities were the Chrome’s June 2024 issue, the massive February 2021 Chrome’s vulnerability that went on for a couple of days and the Stuxnet Worm in the year 2010 which exploited four kinds of vulnerabilities in Microsoft’s Windows operating system.
Steps of Updating your Android Smartphone
Step 1: For the purpose of updating your smartphone to the latest android version, firstly, head over to the phone’s settings.
Step 2: Next, select software updates and subsequently check for any new update.
Step 3: if there is any available update or security patch, it will be displayed and thereby, select ‘Update your Phone” in order to download the update and install.
