Android still has serious security issues

Security is central to the Android ecosystem, and while significant progress has been made, challenges remain.

The Android OS has seen notable improvements, especially with the integration of updates via Play Services. This method makes it possible to quickly deploy fixes and improvements without the need for a full system update.

Every month, Android also rolls out security updates that target specific vulnerabilities and improve the system’s overall resilience against attacks.

Problems remain

Security updates often arrive late, especially due to the diversity of manufacturers in the Android ecosystem. This slowness can leave vulnerabilities open for long periods of time.

A recent article from the Google Security Blog indicates that hackers can exploit N-day vulnerabilities just as effectively as 0-day vulnerabilities. But what does that mean?

0-day vulnerabilities

A 0-day vulnerability is a flaw unknown to developers and security teams. Attackers can exploit it before the people responsible for fixing it are even aware that it exists.

N-day vulnerabilities

Conversely, an N-day vulnerability is one that is already known but remains open for N days before a patch is applied. If patches are not deployed quickly, attackers can exploit these vulnerabilities as if they were 0-day vulnerabilities.

A concrete example: CVE-2022-38181

One often-cited example is CVE-2022-38181, a vulnerability in the driver for ARM’s Mali GPUs.

The vulnerability was reported in July 2022, but ARM did not provide a fixed driver until October 2022, and affected devices did not receive the update until April 2023, approximately five months after initial reports of exploits of the vulnerability.

The diversity of manufacturers and the complexity of patch testing slow down the deployment of security updates, making N-day vulnerabilities an attractive choice for cybercriminals. On Android, it is often easier to bypass patches for known vulnerabilities than to find completely new vulnerabilities.

