The recently discovered vulnerability allows attackers to terminate connections and, if those connections aren’t encrypted, to inject malicious code into communications between two users, according to security firm Lookout.
According to Ars Technica, the flaw was originally found in Linux 3.6, which was introduced way back in 2012. That version of Linux was introduced into Android 4.4 KitKat, and is present in all versions of Android after KitKat, including
“The issue should be concerning to Android users as attackers are able to execute this spying without traditional ‘man-in-the-middle’ attacks through which they must compromise the network in order to intercept the traffic,” said Andrew Blaich in a blog post for Lookout.
It’s important to note that the flaw goes beyond Android — it was introduced in the Linux kernel, which means that any software based on Linux could be open to it.
According to Google, engineers are aware of the flaw and are working on a way to patch it — so while it does appear in the latest version of Android,