It’s also easier for hackers and cybercriminals to exploit zero-days which have been addressed by Google since technical details about them and even proof-of-concept exploits may have already been published by security researchers. During this time, you could fall victim to Android malware that exploits zero-days which have technically already been patched. The annoying thing here is even if you buy the latest smartphone from your favorite device manufacturer - let’s say like me it’s OnePlus and you pick up a OnePlus 11 for instance - you could end up waiting months for security updates despite having a brand new smartphone. Even then, this is only for the smartphone models they currently support and those with older Android phones, won’t get them at all. When the search giant does release a new Android security update, it can often take device manufacturers up to three months to make these patches available. In addition to Android fragmentation where device manufacturers hold off on updating their phones with the latest version of Google’s mobile operating system, patch gaps are a huge problem for Android and they’ve been a thorn in its side for quite some time. For instance, the company’s Threat Analysis Group noted in its report that last year, “attackers didn’t need 0-day exploits and instead were able to use n-days that functioned as 0-days.”īy using known exploitation methods or developing their own, attackers can leverage n-days to launch attacks against unpatched Android smartphones for months even though Google has already patched them. ![]() The problem here is hackers can use n-days instead of zero-days to launch attacks on vulnerable Android smartphones which have yet to receive the latest security updates from Google. Though once Google does become aware of the flaw, it becomes an n-day with the letter ‘n’ representing the number of days that have passed since its discovery. ![]() As BleepingComputer points out, if a software bug is discovered in Android before Google finds out about it, it’s a zero-day. ![]() An n-day vulnerability is a bit different and while it’s also a serious security flaw, information about it has been released publicly, though there may or may not be a patch available.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |