Google's first Pixel Drop of 2025 happened this week with a long list of upgrades for the company's flagship phones, tablets, and watches. Google followed the update closely with the March 2025 Android Security Bulletin, with fixes for 43 malicious bugs—including two zero-day vulnerabilities that may actively be under "limited, targeted exploitation" on devices running Android OS.
The patches cover concerns ranging from flaws that allow attackers to gain remote code execution on vulnerable devices to issues with Qualcomm and MediaTek components. The two zero-day (highest severity) exploits are labeled CVE-2024-43093 and CVE-2024-50302, both of which are "privilege escalation" flaws. According to Bleeping Computer, the former lets attackers access sensitive data by bypassing a file path filter without any additional input from the user. The latter is an issue in the Linux kernel that allows the unlocking of confiscated devices (and has reportedly been used by Serbian law enforcement to target activists).
Zero-days are security vulnerabilities that are publicly disclosed before the developer has an opportunity to issue a patch. Even if the current exploitation is limited to these Serbian authorities, it's important to protect your devices before additional bad actors take advantage of these flaws as well.
How to ensure your Android device is updated
In most cases, all you need to do to fix security flaws on Android is update your device when you receive a notification to do so. Google issues patches for its own Pixel phones and the Android Open Source Project (AOSP) code, and also alerts other manufacturers—like Samsung, Motorola, and OnePlus—when updates are on their way.
Devices running Android 10 and later may get both security updates and Google Play system updates. The current batch of patches applies to AOSP versions 12, 12L, 13, 14, and 15, and the most recent is dated 2025-03-05.
If you're not sure whether your Android device has been updated or believe you may have missed the notification, head to your device settings to locate your Android version (About phone or About tablet > Android version) and check your update status (System > Software update or System update). Follow the on-screen prompts to download and install available patches.
from Lifehacker https://ift.tt/a12HuqV
via IFTTT
 

 by
by 
 
No comments:
Post a Comment