Google Android security issues seem to be happening more often than ever before. Only last week, I reported that the figures detailing reported issues for September appeared to be higher than previous months.
Also last week, Forbes associate editor Thomas Brewster reported that Google’s Project Zero had found a major vulnerability affecting hundreds of millions of Android phones, including its own Pixel 1 and 2 devices. The weakness is already actively being used against targets of the Israeli spyware dealer NSO Group, Google claimed.
The issue, tracked in technical terms as CVE-2019-2215, enables an attacker who is able to gain access (either by physical means, or remotely via for example a malicious application) to control your device.
Google has acknowledged the need to fix this issue sharpish and is addressing the vulnerability along with other security issues via its October patches. First up is the Pixel update bulletin for October. “Pixel 1 and Pixel 2 devices will receive the patch for CVE-2019-2215 as part of the October update,” the bulletin said, adding that Pixel 3 and Pixel 3a devices are not vulnerable to this issue.
Separately, Google has also detailed fixes for the CVE-2019-2215 vulnerability and other security issues in its Android security bulletin for October.
Google Android October security update: When can I get it?
The October 2019 patch starts to roll out from today (October 8) to Google phone users, with other affected smartphone users likely to receive theirs within the coming days.
In order to check for the patch, go to your phone’s settings and search for “system update.” The CVE-2019-2215 issue is unlikely to affect most users, however it is a severe problem that does carry risk, says independent security researcher Sean Wright. “Users should patch as soon as they can,” he advises.
Ethical hacker John Opdenakker agrees, saying: “The fact that this vulnerability allows an attacker to gain root access to people’s devices means that you should install the updates as soon as they’re available.”
However, Opdenakker adds that the CVE-2019-2215 vulnerability is luckily not trivial to exploit: several conditions must be met. “Given the effort that has to be done to exploit the vulnerability, it will probably be used in very targeted attacks.”
It should be clear to say, if the updates are available to you, you need to patch now. Patching in general is good security practice and keeps your phone as safe as possible from threats that can be exploited by hackers.
Other things you need to do to stay secure when using the open and fragmented Android operating system include using anti-virus and checking the permissions you allow your apps.
In general, says Wright: “Avoid installing apps outside of the official app stores such as Google Play.”