Latest news with #AndroidSecurityBulletin


Daily Record
6 days ago
Android users given 'critical' warning and urged to restart their devices now
Google has released a vital update and has urged users to follow their advice.

Android users are being urged to update their smartphones as soon as possible. A new security update from Google has been released that fixes bugs in the system that have been given a 'critical' rating. For those wanting to keep their devices safe, it is vital to follow the tech firm's advice.

The update fixes a total of six issues currently within Android's platform, and everyone who uses the popular operating system is being urged to pay attention to it. While this may seem like a smaller update compared to other months, this does not mean it should be ignored for a later date. In fact, one expert has said the criticality "cannot be understated".

Adam Boynton, senior security manager EMEIS at Jamf, highlighted some of the key reasons why Android users should follow the Google advice.

He said: "While August's Android Security Bulletin is lighter in volume compared to earlier this year, the criticality of the patched issues cannot be understated.

"Perhaps most concerning is CVE-2025-48530, a critical system-level vulnerability allowing remote code execution without user interaction."

This means that if Android users ignore this crucial update, they could be leaving their phone vulnerable to being taken over and controlled by a hacker. The most worrying part is that the smartphone user wouldn't even be aware it was happening, reports the Express.

On top of this, the latest system update also fixes an issue that could lead to targeted exploitation if ignored. This significant threat was discovered by tech giant Qualcomm.

They confirmed: "There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation.

"Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible."

While experts are unsure if Android users have been under attack by hackers, it is best to proceed with caution and update your device when alerted to a system upgrade.

As Google provides their software and system updates to all Android devices, the Google Pixel smartphones will be the first to receive the update alert. Other manufacturers such as Samsung, OnePlus and Motorola will then send out their own updates in the coming weeks to provide the latest level of security to your phones.

In order to not miss this update, it is important to keep an eye on your settings app. If there is a system update available, it is important to install it straight away and restart your device in order to provide an extra wall of security against current and future hacks.

Hacking into your phone's system isn't the only way that cyber crooks can infiltrate your tech and steal your personal and financial data; they can also do so by controlling popular apps.

Recently Action Fraud reported a spike in incidents on WhatsApp, which has seen hackers take over accounts and start sending messages to your contacts to steal money and data. Those impacted by this attack have found themselves locked out of their accounts, which has stopped them from accessing their current chats or contacts to warn others of the breach.

On X Action Fraud said: "Protect your WhatsApp account against hackers. We continue to see a rise in the number of reports relating to WhatsApp account takeovers."

WhatsApp users can protect their accounts by enabling two-step verification, being wary of any unexpected messages or requests and calling their contacts to help verify their identity.


Daily Mirror
06-08-2025
Everyone using Android must restart their phones now as 'critical' warning issued
If you use Android it's worth checking the settings and restarting your device.

There's a very important alert for all Android users this week, and everyone using this popular operating system must pay attention. Google has just released a vital security update which fixes a total of six issues with its smartphone platform. That already sounds scary, but some of the bugs are so bad they have been given the 'critical' rating, which means the update should be installed as soon as possible.

"While August's Android Security Bulletin is lighter in volume compared to earlier this year, the criticality of the patched issues cannot be understated," Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf, explained.

"Perhaps most concerning is CVE-2025-48530, a critical system-level vulnerability allowing remote code execution without user interaction."

That warning basically means a hacker could take control of a phone, and the owner would be completely unaware.

Another reason not to ignore the new release is that it fixes an issue discovered by tech giant Qualcomm, which could allow targeted exploitation - it remains a significant threat.

"There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation," Qualcomm confirmed.

"Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible."

It's unclear if consumers have been hit by the issue or faced attack from hackers, but it's not a good idea to ignore this latest update or become complacent.

Like all Android releases, Pixel phones will be the first to see the changes, with other manufacturers then releasing their own fixes in the coming weeks.

It's now a good idea to keep an eye on your settings. If you spot a system update, install it and restart your phone without delay. That will make sure it stays protected from any current or future attacks.


Daily Record
07-05-2025
Android users placed on red alert - you must check your settings 'immediately'
A worrying new Android bug has been discovered and is already being used to target devices.

Android phone users have been warned to make sure their settings are fully up to date, due to a worrying bug targeting them. The stark warning comes from security experts after the bug was found hiding within this hugely popular operating system.

Google has now fixed the error, but not before it was handed the dreaded zero-day stamp. That tag basically means the glitch has already been spotted by hackers and is being actively exploited in the wild. That's why it's so vital everyone makes a quick check without delay, reports the Mirror.

Senior Security Strategy Manager EMEIA at firm Jamf, Adam Boynton, said: 'The latest Android Security Bulletin contains a fix for an actively exploited vulnerability, CVE-2025-27363, therefore we advise all Android users to update their devices immediately.'

Google always releases monthly patches, which usually fix minor bugs and glitches. However, sometimes the problems are a little more serious and that's why it's vital all phone users make sure they keep on top of installing updates.

'The fixed bug is an out-of-bounds memory vulnerability in the FreeType software,' Jamf's Boynton explained.

'FreeType is a core component of Android devices because it renders fonts and is therefore an attractive target for cybercriminals. Exploiting the vulnerability could allow an attacker to gain control of the entire system without requiring elevated privileges.

'Although this is a targeted attack, most likely targeting high-value individuals, we strongly recommend that all users update their Android OS. The bug has been exploited since March, and its zero-click nature means that criminals can exploit the vulnerability without the user even being aware.'

Google usually rolls out its updates to Pixel devices first, with other manufacturers such as Samsung, OnePlus and Honor following soon after the initial release. No matter what phone you have in your pocket, it's a good idea to head to the settings menu this week and make sure things are fully updated.

It comes as an urgent alert was issued to all Gmail users to be aware of a new and sophisticated scam that could compromise their personal data. Last month, an alarming rise in attacks aimed at stealing sensitive information was recorded as hackers target users.

Security experts from Malwarebytes have now stepped in with their warning about this menacing online threat from cybercriminals who are exploiting Google's infrastructure, crafting emails that convincingly seem to be sent directly from the tech firm. The aim of these online crooks is to trick people into divulging their Google account credentials. Users are urged to exercise caution when checking their email accounts to avoid being deceived.


Daily Mirror
07-05-2025
All Android users placed on red alert - you must check your settings 'immediately'
A worrying new Android bug has been discovered and is already being used to target devices.

Anyone with an Android phone in their possession must be on high alert and make sure their settings are fully up to date. That's the latest warning from security experts after a worrying bug has been found hiding within this hugely popular operating system.

Google has now fixed the glitch, but not before it was handed the dreaded zero-day stamp. That tag basically means the glitch has already been spotted by hackers and is being actively exploited in the wild. That's why it's so vital everyone makes a quick check without delay.

Explaining more, Adam Boynton, Senior Security Strategy Manager EMEIA at security firm Jamf, said: 'The latest Android Security Bulletin contains a fix for an actively exploited vulnerability, CVE-2025-27363, therefore we advise all Android users to update their devices immediately.'

Google always releases monthly patches, which usually fix minor bugs and glitches. However, sometimes the problems are a little more serious and that's why it's vital all phone users make sure they keep on top of installing updates.

So what happens if you are targeted by the latest issue?

'The fixed bug is an out-of-bounds memory vulnerability in the FreeType software,' Jamf's Boynton explained.

'FreeType is a core component of Android devices because it renders fonts and is therefore an attractive target for cybercriminals. Exploiting the vulnerability could allow an attacker to gain control of the entire system without requiring elevated privileges.

'Although this is a targeted attack, most likely targeting high-value individuals, we strongly recommend that all users update their Android OS. The bug has been exploited since March, and its zero-click nature means that criminals can exploit the vulnerability without the user even being aware.'

Google usually rolls out its updates to Pixel devices first, with other manufacturers such as Samsung, OnePlus and Honor following soon after the initial release. No matter what phone you have in your pocket, it's a good idea to head to the settings menu this week and make sure things are fully updated.


Yahoo
17-04-2025
The reason you don't have to worry about Android security almost went dark
Most users of technology don't have to consciously think about security vulnerabilities on their most-used devices, including Android-based products, very often. As long as you update your phone as soon as new security patches are available, you're usually covered. However, there's an intricate government-supported program operating to make that all possible, and it almost went dark today.

After roughly 24 hours of uncertainty, the U.S. Cybersecurity and Infrastructure Agency (CISA) announced that it would continue funding the Common Vulnerabilities and Exposures (CVE) program on the day its previous contract was set to expire. Today, April 16, a spokesperson for CISA told The Verge that the agency "executed the option period on the contract to ensure there will be no lapse in critical CVE services." But it went down to the wire in a move that could've sent the entire globe into a tech security nightmare.

It all has to do with the CVE program, which identifies and tracks security issues in public view, from the point a potential problem is identified to the time when a proper fix is issued. It has nearly 500 partners that include security researchers, open-source developers, and major companies — including big ones like Google, Microsoft, and Apple.

If the CVE program sounds familiar, that's probably because you've seen a CVE code mentioned in an article (like one of the many CVE-related ones on Android Central) or the release notes of an update. They're also a major part of monthly releases on the Android Security Bulletin. These codes, like CVE-2024-53104, start with CVE followed by the year and a number, and create a universal database to track security flaws across devices, platforms, and companies.

The CVE program has been active for 25 years, beginning in 1999. It has become invaluable to the security community, serving as a universal way for researchers, developers, companies, and the public to work together to discover and patch crucial vulnerabilities. More importantly, it publicly states whether a vulnerability is believed to have been actively exploited by bad actors.

Leading security researchers, like Lukasz Olejnik on X (formerly Twitter), have pointed out the consequences of the CVE program shutting down.

"The consequence will be a breakdown in coordination between vendors, analysts, and defense systems — no one will be certain they are referring to the same vulnerability," wrote Olejnik, a scholar with advanced degrees in computer science and information technology law with specializations in privacy. "Total chaos, and a sudden weakening of cybersecurity across the board."

Luckily, it appears that the crisis has been avoided, as the federal government will continue to fund the CVE program for at least the near future. However, the decision coming down to the wire as the Trump administration slashes federal funding across the board puts the CVE program in a more uncertain position now than at any point in its 25-year history.

"The CVE Program is invaluable to the cyber community and a priority of CISA," the spokesperson said in a statement to The Verge. "We appreciate our partners' and stakeholders' patience."

But that final green light didn't come quickly enough, as the security world already started making plans to keep the CVE program up and running — even without federal funding. CVE board members created the CVE Foundation, a nonprofit planned for in secret for the past year that would ensure the CVE mission continues.

"CVE, as a cornerstone of the global cybersecurity ecosystem, is too important to be vulnerable itself," said Kent Landfield, an officer of the CVE Foundation, in a press release. "Cybersecurity professionals around the globe rely on CVE identifiers and data as part of their daily work, from security tools and advisories to threat intelligence and response. Without CVE, defenders are at a massive disadvantage against global cyber threats."

The foundation explains that it is concerned that having a single government sponsor could create "a single point of failure in the vulnerability management ecosystem."

The CVE program is a critical part of Android security, and it should be relevant to every single person who touches an Android-based device. Although government funding has been acquired for now, the moves that have been set in motion by the last-minute decision may not be reversed. The CVE Foundation is here, and it might be here to stay.

There's no word on whether the CVE Foundation will continue to operate now that the CVE program has retained U.S. government funding, but the foundation said more information will be released "over the coming days." The immediate U.S. government funding doesn't solve the long-term problem the CVE Foundation has identified — the possibility of having a single point of failure — so there still may be a reason for it to exist.

Regardless of how this all plays out, the decision to fund the CVE program should've never come this close to ending a crucial global security program. Most of us have the luxury to not think about device security that often, and it's programs like the CVE that allow us that privilege.