Google released this month’s Android security updates, which contain patches for 46 different vulnerabilities, including one actively exploited zero-day flaw.
As reported by BleepingComputer, the zero-day in question (tracked as CVE-2024-36971) is a use after free vulnerability in the Linux kernel used by Android for controlling network route management.
While exploiting this security flaw requires System execution privileges, Google explained in an Android security bulletin that there are indications that this zero-day “may be under limited, targeted exploitation.” Successful exploitation would allow hackers to execute arbitrary code on unpatched devices without user interaction.
This zero-day was discovered by Google’s own Clément Lecigne, a security researcher for the search giant’s Threat Analysis Group (TAG). As is often the case, though, the company has not provided details on how this flaw is being exploited to give owners of the best Android phones time to patch their devices.
Still, though, security researchers at Google’s TAG are often responsible for finding and disclosing zero-day flaws that state-sponsored hackers use in attacks targeting high-profile individuals such as CEOs, politicians and activists.
How to update your Android smartphone
To address this zero-day and 45 other security flaws, Google has released two sets of patches as part of its August security updates in the form of 2024-08-01 and 2024-08-05. The second patch set includes all the fixes from the first and additional patches for third-party closed-source and Kernel components.
While Google’s Pixel phones get the latest security updates as soon as they’re released, the best Samsung phones and devices from other popular hardware makers could take additional time to start rolling them out to users.
To see if an update is available for your Android phone, you can head to Settings and look for System, Software Update or About Phone, depending on your phone’s manufacturer. From there, tap System update or Software update and then tap Check for update. If an update is available, you can download and install it onto your phone. However, you’re going to want to make sure that your device is charged and connected to Wi-Fi before proceeding with installing any updates. If you need extra help, check out our guide on how to update Android.
Even though the zero-day flaw described above may be under active exploitation by hackers, it’s only being used in targeted attacks, which means that most Android users are likely safe from threats. Still, this is a great reminder to ensure your smartphone is running the latest software.
More from Tom's Guide
