Final month, researchers uncovered a security flaw that affected a “very massive proportion” of Pixel telephones. Google’s new update, rolling out today, fixes that vulnerability.
A number of weeks in the past, on-line safety agency iVerify printed a blog detailing how the overwhelming majority of Pixel telephones shipped since 2017 contained software program referred to as showcase.apk. The software program wasn’t supposed for shoppers however for Verizon retailer staff to indicate off Pixel cellphone options.
Additionally: Why the NSA advises you to turn off your phone once a week
The difficulty was that showcase.apk has very excessive system privileges and might even execute code and set up software program remotely. In idea, somebody with malicious intentions might entry the Amazon Internet Companies area that powers the software program and place malware or spyware and adware on an unsuspecting particular person’s cellphone.
For the reason that app got here pre-installed, customers could not take away it manually.
In the present day’s safety replace from Google removes showcase.apk completely. The weblog put up does not point out that software program by identify, solely saying that there’s “repair to take away third occasion APK to deal with safety vulnerability.”
When iVerify found the exploit, Google stated it had no proof of anybody making the most of it. The issue was extreme sufficient, although, that Palantir Applied sciences, the corporate that helped determine the safety concern within the first place, banned use of Android units.
Additionally: Worried about the YubiKey 5 vulnerability? Here’s why I’m not
An essential caveat is that iVerify famous showcase.apk wasn’t enabled by default. “There could be a number of strategies to allow it,” the report defined, however the “iVerify analysis crew investigated one technique requiring bodily entry.”
It appears probably this flaw would have been pretty robust for somebody to take advantage of anyway, however Google is eradicating it regardless.
The replace applies to the Pixel 6, Pixel 6 Professional, Pixel 6a, Pixel 7, Pixel 7 Professional, Pixel 7a, Pixel 8, Pixel 8 Professional, Pixel 8a, Pixel Fold, and Pixel Pill. The app wasn’t preloaded onto the Pixel 9 series.