Google just fixed 46 security flaws, including an actively exploited zero-day — update your Android phone now
New Android kernel vulnerability allows for arbitrary code execution without user interaction
Google released this month’s Android security updates, which contain patches for 46 different vulnerabilities, including one actively exploited zero-day flaw.
As reported by BleepingComputer, the zero-day in question (tracked as CVE-2024-36971) is a use after free vulnerability in the Linux kernel used by Android for controlling network route management.
While exploiting this security flaw requires System execution privileges, Google explained in an Android security bulletin that there are indications that this zero-day “may be under limited, targeted exploitation.” Successful exploitation would allow hackers to execute arbitrary code on unpatched devices without user interaction.
This zero-day was discovered by Google’s own Clément Lecigne, a security researcher for the search giant’s Threat Analysis Group (TAG). As is often the case, though, the company has not provided details on how this flaw is being exploited to give owners of the best Android phones time to patch their devices.
Still, though, security researchers at Google’s TAG are often responsible for finding and disclosing zero-day flaws that state-sponsored hackers use in attacks targeting high-profile individuals such as CEOs, politicians and activists.
How to update your Android smartphone
To address this zero-day and 45 other security flaws, Google has released two sets of patches as part of its August security updates in the form of 2024-08-01 and 2024-08-05. The second patch set includes all the fixes from the first and additional patches for third-party closed-source and Kernel components.
While Google’s Pixel phones get the latest security updates as soon as they’re released, the best Samsung phones and devices from other popular hardware makers could take additional time to start rolling them out to users.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
To see if an update is available for your Android phone, you can head to Settings and look for System, Software Update or About Phone, depending on your phone’s manufacturer. From there, tap System update or Software update and then tap Check for update. If an update is available, you can download and install it onto your phone. However, you’re going to want to make sure that your device is charged and connected to Wi-Fi before proceeding with installing any updates. If you need extra help, check out our guide on how to update Android.
Even though the zero-day flaw described above may be under active exploitation by hackers, it’s only being used in targeted attacks, which means that most Android users are likely safe from threats. Still, this is a great reminder to ensure your smartphone is running the latest software.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.