Very important bugs in the Android of all Nexus devices were patched with a new security update by Google. Two of them to be specific. Malware researchers report that one bug could allow a hacker to start malware remotely on the infected device and the other one could hide malware in images which cause infection without the victim even having to open the files.
Vulnerability Number One
The exploit that was initially discovered by Mark Brand – researcher from the Google Project Zero (for zero-day exploits and others) is a very important one. In fact, if the bug is used in an exploit kit, it can grant an attacker the privilege to spread the viruses in multiple techniques.
According to reports, the researcher is curious as to why this bug has not been discovered so far. The exploit kit on which this bug is based has been detected only in several models of Nexus devices, and it is very difficult to apply it into real life usage. In addition to this, the exploit was also reported by the researcher that with additional research it could be reliable to hackers. Google has not yet received any reports of attacks using this exploit. However, they strongly advise everyone to update their devices often.
The Second Vulnerability
The update released for the first Android vulnerability also patches another bug, according to reports by PCmag(https://www.pcmag.com/news/347781/google-patches-extremely-serious-android-bugs). The fixed bug was also very dangerous, primarily because it allowed for an exploit via a .jpeg file which is essentially an image. Such pictures could be sent to the user via mail or other services, and you do not even have to open the contaminated pictures to get infected with an exploit carrying malicious code.
What Does This Mean for Android Users
These specific exploits are reported to allegedly have something in connection with malware that can cause advertisements to appear automatically and make money to hackers by automatically opening third-party URLs. Such schemes are very common PPC (pay per click) fraud and they are part of a large network that generates revenue by connecting the infected device automatically to third-party websites. Essentially some of those viruses may also install other malware on your Android device, like mobile ransomware or even trojan that can root it. This is why it is good always to take appropriate actions to secure your phone, especially if you see those symptoms.
In general, however, bugs are found all the time, because as long as there are people who do the coding, there will always be flaws in the code itself. This is why one can never be too careful as to how smartphones are used.