Published: July 12, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
Google revealed finding at least 90 security flaws in Android and Pixel devices, including those rated “critical” in nature. Their Android Security Bulletin takes a closer look at the security flaws, including the type of flaw, the category it falls into, and the level of severity. Among Google’s findings were two critical vulnerabilities in the System component category of their Android OS, with the balance of System flaws rated as “high severity.” The company says they’ve mitigated all of the flaws with currently available security patches and also urges all users to update their devices as quickly as possible.
One of the two critical System flaws allows for device takeovers. These hacks happen when an attacker takes control over a device remotely, without the need to physically have the device. From there, the hacker can access all stored information on the device including photos, text messages, and other personal data. They can also launch account takeovers (ATO) that can steal sensitive data and your money, among other things.
The other critical System vulnerability allows for an escalation of privileges (EoP) over a device. EoP attacks take advantage of flaws in a system before they’re discovered. They allow an attacker to gain elevated access to a device’s resources that are normally protected by an application or a user. An EoP can be used for credential theft, installing malware, socially engineered attacks and more.
But that’s not all! With both critical System flaws addressed, the rest of the Google System vulnerabilities are rated as “high severity,” with two types listed below:
Multiple vulnerabilities in EoP flaws in other components like the System, the Kernel and Media Framework.
43 flaws in multiple components including System, Media Framework System, Android runtime, Pixel components and more.
Google strongly urges every Android and Pixel user to apply the security patches as soon as humanly possible. If you’re not sure your device has been updated, Google points users to the “Update” option on their device. Those with an update level of 2021-06-05 or later are current. If needed, follow the instructions on the “Google device update schedule.” Remember, the 90+ security flaws found by Google can lead to further attacks until the security updates are applied, so don’t wait to update!
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com