Google has released this month's Android security update. The update includes patches for 46 different vulnerabilities, including a zero-day flaw that is being actively exploited.

As reported by BleepingComputer, the zero-day in question (tracked as CVE-2024-36971) is a use after free vulnerability in the Linux kernel that Android uses to control network route management. [Exploitation of this security flaw requires system execution privileges, but Google explains in its Android security bulletin that there are indications that this zero-day "may be of limited and targeted exploitation". A successful exploit would allow hackers to execute arbitrary code on unpatched devices without user interaction. [The zero-day was discovered by Clément Lecigne, a security researcher in Google's Threat Analysis Group (TAG). As is often the case, however, the company has not provided details on how this flaw is being exploited, and has not given owners of the best Android phones time to patch it.

Nevertheless, Google's TAG security researchers are often responsible for finding and exposing zero-day flaws used by state-sponsored hackers in attacks targeting CEOs, politicians, activists, and other prominent figures.

To address this zero-day and 45 other security flaws, Google released two sets of patches as part of its August security update in the form of 2024-08-01 and 2024-08-05. The second set of patches includes all of the first patch's fixes and additional patches for third-party closed source and kernel components.

Google's Pixel phones will receive the latest security updates as soon as they are released, but Samsung's best phones and devices from other popular hardware manufacturers may take even longer to start rolling out to users.

To see if an update is available for your Android phone, you can head to Settings and look for System, Software Update or About Phone, depending on your phone's manufacturer. From there, tap System Update or Software Update, then tap Check for Updates. If the update is available you can download and install it on your phone. Before installing the update, however, make sure your device is charged and connected to Wi-Fi. If you need further help, check out our guide on how to update Android.

Even though the zero-day flaw mentioned above may be actively exploited by hackers, it is only used in targeted attacks and most Android users are likely safe from threats. Still, this is an excellent reminder to make sure your smartphone is running the latest software.