2 min read

Critical Android security patches released - but will your phone ever see them?

Graham CLULEY

May 03, 2017

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Critical Android security patches released - but will your phone ever see them?

Google has released new security patches for its Android operating system this week, tackling a wide array of vulnerabilities that could be exploited by malicious attackers.

The most critical of the patched vulnerabilities address security flaws in its troubled Mediaserver component, that could be exploited by a malicious hacker to execute code remotely on targeted devices.

In recent years, Mediaserver has often been seen as a weakspot in Android as flaws have been found in the way that Android handles multimedia content (images and video files).

A typical attack scenario might see a remote attacker attempting to infect your Android smartphone with malware, simply by tricking you into opening an email, opening an MMS or browsing a website containing a boobytrapped media file.

What may surprise some users is that an attack can even happen while you’re tucked up in bed, dreaming of Sundar Pichai, as your smartphone may process a boobytrapped file – sent via a messaging app – while you sleep.

According to the Android security bulletin, exploitation of the security vulnerabilities is “made more difficult by enhancements in newer versions of the Android platform.”

For this reason, Google encourages all users to “update to the latest version of Android where possible.”

Wise words, and ones I agree with. But the problem remains that many Android users find it impossible to update their devices.

As we described earlier this year, the problem of unpatched devices is more acute on Android than it is on Apple iOS, because iPhone and iPad users find it far easier to access and install the latest security patches.

With an Android device, whether you will ever receive a security update or operating system upgrade depends on Google, your smartphone’s manufacturer, and your carrier all acting in co-operation. This is the fundamental reason why so many devices are still running out-of-date versions of Android.

If you buy a phone that Google itself has manufactured then things are likely to run smoother, of course. But many consumers have chosen cheaper Android devices – and find themselves left behind with an out-of-date, vulnerable operating system on their phone or tablet.

Even Google smartphone owners can’t necessarily feel confident that they will always receive patches. Just last week Google revealed that its Nexus 6 and Nexus 9 devices, released in November 2014, would no longer be “guaranteed” to receive security updates after October 2017. A similar fate will befall newer Pixel and Pixel XL devices in October 2019.

Their only solace is that Google says it has received no reports of any of these vulnerabilities being actively exploited in the wild, although – of course – often criminals only start to experiment with a flaw when details of the problem become public.

Let”s hope that manufacturers and service providers work closely and quickly together to ensure that over-the-air patches are issued in a timely fashion, and that we do not see a repeat of the all too common appearance where many Android owners are treated poorly and no officially-sanctioned security updates are made available to them – regardless of whether they are keen to update their devices or not.

For more information on the latest Android security issues, be sure to read the official bulletin. Warning: it’s a long list, you’re likely to be scrolling for quite a while.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read