A massive gap has appeared in Android, which can cause permanent damage to mobile phones. Attackers should also succeed in taking over Android smartphones completely. An update should now eliminate the critical security holes – but it will not reach all users.
languages:German, English, French
Android: New security patch closes gaps
Google has released the November update for Android and has fixed some issues that could potentially paralyze users’ phones permanently. There is talk of a “permanent denial of service”. Meanwhile, Google has not revealed whether the vulnerability has already been exploited by attackers. The company calls the problem “critical”, because users of Android cannot defend themselves against attacks with usual means. It is sufficient to receive a simple text message
Details of the gap remain unclear. Google has not made public how exactly attackers can intervene in the Android framework. It is certain, however, that many Android smartphones are potentially affected, as the gap is filled under Android 8.0, 8.1, 9, 10 and 11. Android 8.0 was released more than three years ago, in August 2017 to be precise.
Another “critical” vulnerability that will be fixed with the November update for Android concerns files that are opened by the user inadvertently. If attackers have prepared them, they can execute code with system privileges “up close”. Whether this is a problem related to NFC, Bluetooth or WLAN has not been revealed.
In the video: These apps belong on every mobile phone.
Android: Update not for all users
Google itself does not distribute the monthly updates directly to users, but to the respective manufacturers. These in turn then distribute the updates among their customers. Many security updates, however, still only arrive in newer phones that were launched in the last two or three years, depending on the manufacturer. Owners of older smartphones do not receive the update accordingly.
After all, it is now possible for Google to take action itself via the “Project Mainline” and distribute some updates – or even parts of them – without the help of the smartphone manufacturers. In the case of the now released update, for example, this concerns the gap in the media framework of Android.
Read the original article here.