Google has alerted Android device users to the existence of two highly critical security flaws, which can be exploited to steal information or enable malicious applications to obtain unauthorized privileges, placing approximately one billion devices worldwide at risk. The company indicated that more than 30% of phones will not receive the necessary official updates, especially those relying on Android version 12 or older.
The first flaw directly affects essential elements of the system, which may lead to the disclosure of private information, while the second flaw allows malicious applications to bypass the usual security procedures within the system. Google confirmed that attacks may be carried out through malicious applications or using local technologies, which makes personal data and devices highly vulnerable.
Google has released updates to fix these vulnerabilities in Android versions 13 to 16. However, the problem of delays in issuing updates by device manufacturers or users not installing them leaves phones vulnerable to attacks. In contrast, iOS has a shorter time period between the discovery and correction of vulnerabilities, with about 90% of iPhones reaching the supported version faster.
Experts recommend that Android users install the latest updates as soon as they are available, upgrade to the latest versions if possible, and avoid downloading applications from untrusted sources to reduce the risk of cyberattacks.
