October 2019 Android Security Update Now Available for Pixel Devices

Yolanda Curtis
October 8, 2019

Android smartphones may be getting a new focus on mobile gaming as Google begins work on a Game Device Certification program.

While it's unlikely average Android users will be targeted by whoever is exploiting the bug, it's severe enough that everyone should install the October 2019 security update once it's available on their specific device, and those using any of the smartphones listed above should take extra care in the meantime.

Google has admitted that some Android smartphones have recently become vulnerable to a serious zero-day exploit that the company thought it had patched for good nearly two years ago. Therefore, this bug is subject to a 7 day disclosure deadline. It is said to have been patched back in December 2017 (v 3.18, 4.14, 4.4, and 4.9).

What's worse, this exploit requires little to no per-device customization, and the researchers at Project Zero also have proof of the exploit being used in the wild.

If you are the type who likes taking things into your own hands, images and relevant files are available at the Android Developer site that you can flash to your Pixel with no waiting.

Companies that want to keep Android Pie's navigation gestures can do so for updates on existing devices, but it appears that new devices won't have that fallback.

The Project Zero research team has shared a local proof-of-concept exploit to demonstrate how this bug can be used to gain arbitrary kernel read/write when running locally. Those were the only fixed versions but newer ones were discovered to be vulnerable still, unfortunately.

Here are the functional patches for this October update. They are not vulnerable to the issue.

"Google's Project Zero team recently disclosed a critical security flaw in its Android OS" Kernel that provides hackers access to not just its Pixel phones but also the ones from Samsung, Huawei, Xiaomi and others.

"This issue is rated as high severity on Android and by itself requires installation of a malicious application for potential exploitation".

Other reports by iNewsToday