Smartphone owners are on alert after Google issued a warning that an Android vulnerability could give intruders access to devices they don’t own.
A message posted to the Android Security Advisory page states that the group has been made aware of a rooting application causing issues on ‘some Android devices’.
After identifying the dangerous download in question, Google’s systems have been updated to minimize the damage done.
Discussing the recent changes, a statement from the group reads:
“For this application to affect a device, the user must first install it. We already block installation of rooting applications that use this vulnerability — both within Google Play and outside of Google Play — using Verify Apps, and have updated our systems to detect applications that use this specific vulnerability.”
As a ‘final layer of defence for the issue’, a patch has been released to tighten up Android security. On top of that, Google has confirmed that ‘Nexus updates are being created and will be released within a few days’.
Unfortunately, the fix remains unavailable on many devices, which means a significant number of Android users are still open to attacks for the time being.
Google was first made aware of the issue after a report from Zimperium showed the weakness had been exploited on a Nexus 5 device. The same source provided evidence proving multiple apps on the Play Store were also taking advantage.
Users running the AOSP version of Android are able to install the patch right away, although folk on other releases have a wait ahead of them. Google’s next major monthly security update lands on April 2, so the same fixes will arrive for the masses in that release.
Whilst Nexus 5 and Nexus 6 owners can rest at ease knowing their devices are protected, other Android users aren’t quite so lucky. We’ll keep you updated at this story develops.
Source: Android Security Advisory