Google Just Patched a Major Android Security Flaw Already Being Exploited

Update your phone at your earliest convenience.



Android updates often come with a bunch of security patches and bug fixes as standard, few of which ever get much attention, but the latest security update pushed out by Google is noteworthy: It addresses a vulnerability that may have already been exploited in the wild, which makes it even more important to update your devices as soon as possible.

The vulnerability has been logged under the name CVE-2024-36971, and Google says it "may be under limited, targeted exploitation." In other words, there's the possibility that hackers have already found ways to make use of it, albeit with limited end results or a limited number of devices affected.

It's registered as a high-severity remote code execution bug, which means it potentially enables someone else to run code on your device without your knowledge. While there's a very good chance you haven't been hit yet, you should keep an eye on security updates for your phone or tablet. Well-known Google bug squasher Clément Lecigne has been credited with discovering the problem.

There's little in the way of information about how the vulnerability could potentially be exploited, which is as you would expect: Google will be keen not to give away any clues as to the details of the issue or the methods bad actors could use to take advantage of it. Overall, for the month of August, Google has plugged 46 security gaps in Android.

How to update your Android phone

What you'll see on a fully updated Pixel phone. Credit: Lifehacker

The good news here is that Android automatically checks for updates in the background, and tells you when they're available and ready to install: You'll usually just have to restart your phone when prompted, and the update is then applied.

If you want to run a manual check for any pending updates, you can do that too. If you're on a Pixel phone, open Settings then choose System > Software updates > System update. Whether or not there's an update available, you'll be able to see when the latest update was installed, and the version of Android you're on.

It's not much different with Samsung Galaxy phones. From Settings, pick Software update to see when your handset was last updated. You can then choose Download and install to see if any updates are in the pipeline, and get them set up on your phone.

The update will roll out at different times for different devices, depending on region and manufacturer. Google told The Hacker News that it's working with hardware partners such as Samsung to make sure the necessary fixes are applied as soon as possible.