Google splats device-hijacking exploited-in-the-wild Android kernel bug among others

Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code execution (RCE). From the sounds of things, this hole has already been spotted and exploited by spyware slingers. This bug, tracked as CVE-2024-36971, is a use-after-free …

  1. ghp

    And how does one obtain and apply such a patch to one's Android device?

    1. RM Myers
      Unhappy

      On a wing and a prayer?

    2. Anonymous Coward

      Your LineageOS update service will find the new version and allow you to download and install it.

      1. Anonymous Coward

        Well, yes, I would secure my otherwise perfectly functional Pixel 4a by installing LineageOS, since Google can't be arsed to keep it secure any more.

        Except then my financial services apps would refuse to work because they think patched LineageOS is, by some word magic, actually less secure than stock Android left to wither on the vine.

        What a mucking fess.

        1. GioCiampa

          It is possible to get bank apps to work, despite only achieving the second of the three security levels in Play Integrity (Basic, Device, Strong). Strong Integrity is nigh-on impossible to achieve after you unlock the device at the moment... there are methods to achieve it, but they involve faking a security keystore, and Google are shit-hot at blocking any such keys when they are discovered.

          My old Moto (launched with Android 10, and recently updated to Android 14/LineageOS 21) seems to be OK with my bank apps, after much experimentation to get Device Integrity to stick (for the moment), but the one thing that seemingly *requires* Strong Integrity...? The RCS functionality in Google Messages... and I'll wager that the banking apps will go the same way at some point.

    3. Irongut Silver badge

      At the end of the month Samsung will push them to my devices and I'll click install. YMMV

      1. Julian Poyntz

        Bet it won't on my S9+

  2. Pete Sdev Bronze badge
    Linux

    Android bug?

    The link in the article,

    https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=051c0bde9f0450a2ec3d62a86d2a0d2fad117f13

    suggests that's a Linux bug which would affect any Linux-based OS, not just Android.

    Or have I missed something?
