Google has released a new batch of security fixes for Android phones, including one for a serious bug that could let hackers take control of your device. This batch, released in August, includes 46 different fixes, but one stands out because it has already been used by spyware makers. This dangerous bug is known as CVE-2024-36971.
What Is CVE-2024-36971?
CVE-2024-36971 is a bug in the Linux kernel, the core of the Android operating system. It’s called a “use-after-free” vulnerability, which might sound complicated, but it basically means that the program keeps using a piece of memory after that memory has been released. This bug has a high-severity rating of 7.8 out of 10, meaning it’s pretty serious. If hackers exploit this bug, they could take full control of your phone, potentially from anywhere in the world.
Spyware Makers Are Already Using the Bug
Google doesn’t usually give many details about how these bugs are being used to attack people, but it did mention that CVE-2024-36971 is likely already being used in targeted attacks. This means that some hackers have already found out about this flaw and are using it to spread spyware.
Clément Lecigne from Google’s Threat Analysis Group (TAG) is the one who discovered this bug. TAG tracks government-sponsored hackers as well as companies that sell spyware. In 2023, TAG found 25 bugs that were being actively exploited, and 20 of those were used by commercial surveillance vendors. This suggests that the CVE-2024-36971 bug is probably being used in similar ways.
Update Your Android Devices Now
Because this bug is so dangerous, it’s very important to update your Android devices as soon as possible. If you don’t, your phone could be at risk of being taken over by hackers.
Other Important Fixes
While CVE-2024-36971 is the most urgent fix, there are other important updates in this month’s batch as well. For example, there’s a critical flaw known as CVE-2024-23350 in a Qualcomm component. This bug could cause a denial of service, meaning your phone could stop working properly.
Google also fixed 11 high-severity bugs in the Android Framework component. These bugs could allow hackers to gain more control over your device without needing any special permissions.
Google’s Two Patch Levels
This month, Google released two sets of patches. The first set, known as the 2024-08-01 patch level, is specific to Android. The second set, called the 2024-08-05 patch level, includes all the fixes from the first set plus additional patches for the kernel and third-party components from companies like Arm, Imagination Technologies, MediaTek, and Qualcomm.
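Because the kernel fixes arrive only with the 2024-08-05 level, a device reporting 2024-08-01 still lacks them. The script below is an added example, not part of the original article, that sorts reported patch levels into those three cases; the device names and inventory are constructed, and the patch level is assumed to come from the standard Android property ro.build.version.security_patch.

```shell
#!/bin/sh
# Added example: compare Android security patch levels against the two
# August 2024 levels described in the article.

# classify_patch_level YYYY-MM-DD
# Prints: invalid | missing-all | missing-kernel-vendor | covered
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "invalid"; return 0 ;;     # not a zero-padded ISO date
    esac
    n=$(printf '%s' "$1" | tr -d '-')      # 2024-08-05 -> 20240805
    if [ "$n" -lt 20240801 ]; then
        echo "missing-all"                 # neither August level applied
    elif [ "$n" -lt 20240805 ]; then
        echo "missing-kernel-vendor"       # 2024-08-01 only: no kernel fixes
    else
        echo "covered"                     # 2024-08-05 or later
    fi
}

# audit_inventory: reads "<device-id> <patch-level>" lines on stdin and
# prints every device that is not at the 2024-08-05 level or later.
audit_inventory() {
    while read -r id level; do
        [ -n "$id" ] || continue
        status=$(classify_patch_level "$level")
        if [ "$status" != "covered" ]; then
            echo "$id $level $status"
        fi
    done
}

# Constructed sample inventory (hypothetical device names). On a live
# device the value comes from:
#   adb shell getprop ro.build.version.security_patch
SAMPLE_INVENTORY='pixel-lab-01 2024-08-05
tablet-kiosk-07 2024-08-01
handset-field-12 2024-06-05
handset-field-13 unknown
pixel-lab-02 2024-09-01'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Devices listed as missing-kernel-vendor have the Android-specific fixes but still need the vendor's 2024-08-05 update; an invalid entry means the level could not be read and should be checked by hand.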
More Fixes Coming Soon
This batch of patches is just a preview of what’s coming next week during the August Patch Tuesday event. During this event, Microsoft and other companies will release even more fixes for various bugs, so be sure to keep your devices updated.
If you own an Android device, make sure to install these updates as soon as possible to keep your phone safe from hackers. Staying updated is one of the best ways to protect yourself from being targeted by spyware and other malicious attacks. Stay safe and keep your devices secure!