Android users often hear warnings about dangerous new Google Play Store apps or malware in order to avoid this. And with warnings coming to the left, right, and center, it’s easy to glaze a little when the next “red alarm” hits. However, the latest Android warning is one that Google fans cannot take lightly. Trust us.
The latest warning comes from the horse’s mouth – Google, the company that owns and develops Android. The California search firm this week announced the existence of four new Android vulnerabilities in the wild that bad actors know about – and are actively exploiting.
All four of these vulnerabilities allow threat actors to execute malicious code to take complete control of an Android device. The reason this latest warning is so important to Android users is because such exploits are a rarity. As reported by Threatpost, there have only been six Android bugs since 2014 that could be exploited in the wild.
This means that the four vulnerabilities announced this week account for two-thirds of all zero-day threats Android users have been exposed to since 2014.
READ MORE: With the biggest Android update in years, your phone looks like new
According to the security company Zimperium, Google only reported one zero-day Android vulnerability in 2020. The latest security threat was revealed by Google in a May security bulletin update on Wednesday. Originally published on May 3, the post highlighted 50 security vulnerabilities that Android users had to watch out for. And in the latest update to the bulletin, Google said there were “signs”, four of which “may be of limited and targeted use.”
Maddie Stone, the security researcher at Google’s Project Zero, also added on Twitter: “Android updated security in May with notices that 4 vulns have been exploited in the wild.” All four of these vulnerabilities could allow hackers to take complete control of an Android device, all of which would affect the GPU firmware code. Two can affect the ARM Mali GPU driver while the other two affect the graphics component of the Qualcomm Snapdragon CPU.
DON’T MISS: Want to buy a new Android phone? Pixel 6 leaks can keep you waiting
Asaf Peleg, vice president of strategic projects at Zimperium, told ArsTechnica that successful exploitation of these vulnerabilities would “allow complete control of the victim’s mobile endpoint.”
Peleg added, “From elevating privileges beyond what is available by default, to running code outside of the current process’s existing sandbox, the device would be completely at risk and no data would be secure.”
Android phones using ARM or Qualcomm branded GPUs are the only ones affected by the vulnerability. It is unclear how attackers would exploit such a bug. After all, Google is silent about it
What is certain, however, is that Android users should ensure that they download the May 2021 security update that will address these vulnerabilities as soon as it becomes available to them.
