And how does one obtain and apply such a patch to ones android device?
Google splats device-hijacking exploited-in-the-wild Android kernel bug among others
Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code execution (RCE). From the sounds of things, this hole already been spotted and exploited by spyware slingers. This bug, tracked as CVE-2024-36971, is a use-after-free …
COMMENTS
-
-
-
Wednesday 7th August 2024 23:07 GMT Anonymous Coward
Well, yes, I would secure my otherwise perfectly functional Pixel 4a by installing LineageOS, since Google can't be arsed to keep it secure any more.
Except then my financial services apps would refuse to work because they think patched LineageOS is, by some word magic, actually less secure than stock Android left to wither on the vine.
What a mucking fess.
-
Wednesday 14th August 2024 10:20 GMT GioCiampa
It is possible to get bank apps to work, despite only achieving the second of the three security levels in Play Integrity (Basic, Device, Strong). Strong Integrity is nigh-on impossible to achieve after you unlock the device at the moment... there are methods to achieve it, but they involve faking a security keystore, and Google are shit-hot at blocking any such keys when they are discovered.
My old Moto (launched with Android 10, and recently updated to Android 14/LineageOS 21) seems to be OK with my bank apps, after much experimentation to get Device Integrity to stick (for the moment), but the one thing that seemingly *requires* Strong Integrity...? The RCS functionality in Google Messages... and I'll wager that the banking apps will go the same way at some point.
-
-
-