Download The Android October Security Update ASAP

Photo: Quiebits, Shutterstock

Google’s monthly Android security fixes are normally just for Google devices, but Samsung, Motorola, LG, Oppo, Huawei and Xiaomi are all rolling out their own versions of the October 2019 security update to patch a major zero-day security vulnerability present on several Android smartphones. Those with vulnerable phones should make sure they download the patch as soon as it’s available sometime in the next few days.

MALWARE ALERT: Update These Android Phones ASAP

Researchers at Google have discovered a new zero-day exploit in Android that has the potential to infect millions of devices. The vulnerability is located in the kernel of the OS and has already been used by bad actors in the wild. Here are the phones known to be affected, including models from Google, Samsung and Huawei.

Read more

The bug — which shows up in the security patch notes as CVE-2019-2215 — allows a hacker to remotely root and take complete control of a device, though it requires the victim to install an infected app first (or the hacker uses the exploit in conjunction with a Chrome-based loophole to deploy the attack).

The exploit is present on the following phones, though Google’s Project Zero cautions that other handsets could be affected as well:

  • Google Pixel, Pixel XL, Pixel 2 and 2 XL

  • Samsung Galaxy S7, S8 and S9

  • Huawei P20

  • LG models running Android Oreo

  • Motorola Moto Z3

  • Oppo A3

  • Xiaomi A1, Redmi 5A, and Redmi Note 5

Google will start rolling out the October 2019 security patch Tuesday, and other manufacturers will likely have their own version live within the next few days. Keep an eye out for automatic update notifications, or check for the patch yourself by going to your phone’s Settings app and searching for “System Update.” (The exact pathway will differ depending on your device and version of Android.)

Google Project Zero reports that the bug has been successfully exploited, which raises some big questions regarding who is using it and why. The exploit itself was created by the Israeli online security firm NSO, who denies that it or any of its clients — which mostly consists of government groups and national security organisations — are actively using the exploit.

While it’s unlikely average Android users will be targeted by whoever is exploiting the bug, it’s severe enough that everyone should install the October 2019 security update once it’s available on their specific device, and those using any of the smartphones listed above should take extra care in the meantime.

That means resisting the urge to install apps from unknown sources, installing a good anti-virus app, and being smart about your browsing — maybe even consider using a non-Chrome mobile browser.

If you’re interested in reading more about the bug and how it works, check out Ars Technica’s full report.


Comments

    There is no doubt Life Hacker is at the forefront in publishing issues such as this one, and is now a highly valued "go to place"

    Drawn to improvement; may I suggest including the number of affected devices as some readers are taking the "ASAP" and the likes to heart when nil devices are affected thus far.

    Last edited 10/10/19 1:15 pm

Join the discussion!

Trending Stories Right Now