Extremely dangerous vulnerability in Android. Millions of smartphones vulnerable to attack

Google has revealed a serious security flaw in Android that could potentially allow a hacker to completely take over access to any smartphone running this operating system. And this without arousing any suspicion on the part of the device owner.

Serious zero-click vulnerability. You won’t even notice that someone has broken in

number CVE-2023-40088 and is classified as a zero-click vulnerability. This is the most dangerous type of security bug and does not require any interaction from the smartphone owner to exploit. Using the bug, a hacker can remotely upload malware or spyware to almost any Android device. And we probably won’t even notice it.

However, there is one condition. The vulnerability can only be exploited by directly connecting to the victim’s smartphone via Wi-Fi, Bluetooth or NFC. This means that the attacker must be relatively close for a few moments – often even several meters away from the attacked – to have a chance of success. However, this is not difficult in crowded places.

Google has, of course, made the appropriate security patches available in the Android Open Source Project (AOSP) repository for Android 11 and all newer versions. The company’s partners were also notified about the problem in advance. The patch was also included (along with code fixing over 80 other bugs) in the December package (dated December 5) of security patches.

Of course, this does not mean that the problem automatically disappears, because now each Android smartphone manufacturer must independently include the December security package as part of the latest security update. How quickly the error will be patched depends on the manufacturer of the specific device. Unfortunately, practice shows that the pace of issuing such updates is unsatisfactory for some of them. However, it is worth looking out for an Android update in the coming weeks and installing it immediately.