Google fixes important Android flaw that may very well be exploited to hack your cellphone remotely
In context: Android is commonly accused of being susceptible to varied safety vulnerabilities that would have an effect on person privateness. Whereas Google has taken quite a few steps to make the OS safer, issues hold cropping up now and again. This week, Google stated it found a important safety vulnerability that would permit zero-click distant code execution (RCE).
Tracked as CVE-2023-40088, the flaw was present in Android’s System part and is rated by Google as ‘Vital’ severity. In keeping with the National Vulnerability Database, the issue arises throughout a callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, when reminiscence may very well be corrupted attributable to a use-after-free. This might result in distant code execution with no extra privileges and with none person interplay.
There is no phrase on whether or not the bug has already been exploited within the wild, however Google says it has issued a patch to repair the issue as a part of the December 2023 safety bulletin. In keeping with the release notes, the repair is suitable solely with newer Android variations, starting from Android 11 to Android 14.
It’s value noting right here that Google issuing a patch is barely step one in the direction of securing finish customers, as every vendor or service nonetheless has to roll out its personal replace to repair the bug. Due to this fact, until you are utilizing a Pixel, you will have to attend a number of weeks for the replace, and a few gadgets could by no means obtain it.
Along with the aforementioned bug, Google mounted 84 extra safety vulnerabilities as a part of the December replace. Three of those are rated as ‘Vital,’ whereas the remainder are listed as ‘Excessive’ severity. A number of different vulnerabilities have an effect on Qualcomm closed-source parts and are described intimately within the newest Qualcomm safety bulletin. One in every of these vulnerabilities is listed as ‘Vital,’ whereas the remainder as rated as ‘Excessive.’
With safety changing into an more and more thorny difficulty for Android customers, Google says it’s engaged on new methods to spice up the safety of its cellular OS. First off, the corporate is introducing compiler-based sanitizers to catch reminiscence issues of safety early on within the software program improvement course of. Subsequent, it’s working with {hardware} companions so as to add reminiscence security options on the firmware stage. Lastly, the corporate is implementing numerous measures to make it more durable for hackers to take advantage of unknown bugs.
