Last week, researchers warned that more than a billion Android users were vulnerable to a new set of major bugs, allowing hackers to take control of their phones with a malicious audio or video file.
On Monday, as it had promised, Google has pushed for a patch that fixes the vulnerabilities. The patch fixes 14 “critical” vulnerabilities in the Stagefright library, a multimedia processing engine that underlies every Android phone, as well as five other vulnerabilities that allowed “remote code execution,” technical lingo for hackers taking a system remotely.
Videos by VICE
Despite the gravity of the bugs, Google noted that it had “no reports of active customer exploitation of these newly reported issues.”
Manufacturers and carriers were notified of the bugs on Sept. 10 “or earlier,” Google announced. It’s now up to them to implement the patch, but as we’ve reported many times, thanks to Android’s broken ecosystem, it might take some time. Nexus owners, on the other hand, should have already received the patch. Silent Circle, the maker of the security-oriented Blackphone 2, also issued a patch on Monday.
When researchers found the first set of Stagefright bugs over the summer, Google issued a patch before the bugs were publicly announced, although a security firm claimed that Google botched the patch, leaving at least a bug unpatched.
More
From VICE
-
Screenshot: Sony Interactive Entertainment -
-
LOS ANGELES, CALIFORNIA – NOVEMBER 14: Timothée Chalamet seen at a Special Screening of A24's "Marty Supreme" at Academy Museum of Motion Pictures on November 14, 2025 in Los Angeles, California. (Photo by Eric Charbonneau/A24 via Getty Images) -
Photo: Gandee Vasan / Getty Images
