Last week, researchers warned that more than a billion Android users were vulnerable to a new set of major bugs, allowing hackers to take control of their phones with a malicious audio or video file.
On Monday, as it had promised, Google has pushed for a patch that fixes the vulnerabilities. The patch fixes 14 "critical" vulnerabilities in the Stagefright library, a multimedia processing engine that underlies every Android phone, as well as five other vulnerabilities that allowed "remote code execution," technical lingo for hackers taking a system remotely.
Despite the gravity of the bugs, Google noted that it had "no reports of active customer exploitation of these newly reported issues."
Manufacturers and carriers were notified of the bugs on Sept. 10 "or earlier," Google announced. It's now up to them to implement the patch, but as we've reported many times, thanks to Android's broken ecosystem, it might take some time. Nexus owners, on the other hand, should have already received the patch. Silent Circle, the maker of the security-oriented Blackphone 2, also issued a patch on Monday.
When researchers found the first set of Stagefright bugs over the summer, Google issued a patch before the bugs were publicly announced, although a security firm claimed that Google botched the patch, leaving at least a bug unpatched.