Google: Android patch gap makes n-days as dangerous as zero-days


In its annual 0-day vulnerability report, Google highlights a long-standing issue with the Android platform that increases the value of publicly reported weaknesses and extends the time they remain usable. The report also includes statistics on in-the-wild exploitation from 2022.

In more detail, Google's paper draws attention to the issue of Android's n-days acting as 0-days for threat actors. The issue is caused by the Android ecosystem's complexity: several steps separate the upstream vendor (Google) from the downstream phone manufacturers, the timing of security updates varies significantly between device models, support periods are brief, and it is unclear who is responsible, among other problems.

