If you're one of the 1.5 billion people using Android smartphones and tablets, you need to know about these serious security flaws. But, don't be fooled, this isn't an everyday alert.
There's a really good chance your smartphone and tablet hasn't been patched yet. While Google has issued over-the-air patches for its own Nexus phones, the many other manufacturers who make Androids may or may not have fixed these problems. Some of these flaws let hackers remotely execute code your phone and others brick your system, meaning you can't even turn it on.
There are eight critical vulnerabilities, including one in Mediaserver. That was at the heart of last year's huge Stagefright malware attacks. (Those attacks triggered Google to issue monthly Android Security Bulletins.)
In this new Mediaserver flaw, a hacker can remotely take over your phone and corrupt its memory. It affects all Android smartphones and tablets.
Other high-severity flaws allow hackers to operate a malicious app to run code on your phone. These flaws affect Qualcomm's video driver, sound driver, GPU driver and Wi-Fi driver. Hackers can also use these flaws to brick your system. These specific flaws are only affecting Nexus phones.
The other critical flaw is video playback format known as libwebm. In this case, a hacker can remotely run code on your phone.
Note: Keep reading for the steps you need to take to protect your phone and all the valuable information you have on it.
Google also issued patches for 28 high-severity flaws. One dozen of these also affect Mediaserver.
Although Google has issued patches for these flaws, your phone's safety is far from guaranteed. Google and the federal government are warning Android manufacturers they need to do a much better job of updating security patches.
Last month, the Federal Communications Commission and Federal Trade Commission began investigating how phone makers decide to patch security flaws. Among the companies receiving letters about this investigation were Apple, Google, HTC, LG, Microsoft, Samsung and others.
Note: Google only releases security patches for Android versions 4.4.4 through 6.0.1. If your OS is older than that, you should update your phone or at least make certain that you have an Android Internet security system on your phone.
To check which version of Android is on your smartphone, try this. (The how-to steps will vary slightly for different manufacturers.) Settings >> About Phone >> Software Information >> look for Android Version.
Here's what you need to do:
- Nexus users - you don't need to do anything
- Update your system: Settings >> About Phone >> System Update >> Check Now (steps may vary, depending on your phone's manufacturer)
- Make sure you have an up-to-date Internet security system on your Android.