Known Android flaws are just as bad as zero-days, finds Google
Patches for Android flaws are taking too long to reach end users, Google complains
Google’s latest annual review of zero-day exploits has claimed known vulnerabilities could be even worse than zero-day vulnerabilities.
In its report, Google asks whether zero-days are even needed on Android. Typically, a vulnerability would be most concerning before it becomes public. During this (hopefully short) period, an attacker can execute exploits without having to worry about a patch.
In the case of Android, as soon as Google becomes aware of the vulnerability, it is then an n-day flaw, regardless of patch status.
Android patches are just too slow
Google added that in some cases, patches have not been available to users for a significant amount of time across its ecosystem, which it blames on a disconnect between upstream (developer) fixes and the downstream (manufacturer) adoption.
A 2022 report entitled ‘Mind the Gap’ concluded that device vendors should be just as quick to react to patches as end users are advised to be.
A total of 41 zero-days were detected in 2022, down a staggering 40% from the previous year, during which 69 had been detected. However, with n-day vulnerabilities more exploitable than they should be, attackers have not seen the same reduction in attack surface.
At the same time, Google highlighted ineffective patches that fix only the exploit method seen in use rather than the vulnerability as a whole. It says such fixes are not comprehensive and do not constitute a complete patch.
Moving forward, Google places an emphasis on clear communication and collaboration, urging all parties to share as many technical details as possible following detailed analyses.
The company also calls for “fixes and mitigations to [get to] users quickly so that they can protect themselves.”
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!