"The flaw, tracked as CVE-2026-0073, affects Android's System component, allowing an attacker to exploit it to execute code as the shell user without additional execution privileges."
"User interaction is not required for exploitation, making this vulnerability particularly concerning for Android device security."
"Google has informed users that no patches have been released this month for Wear OS, Pixel Watch, Android XR, and Android Automotive."
"Google announced last week that it has significantly increased maximum bug bounty payouts for Android device vulnerabilities, offering up to $1.5 million for a zero-click Pixel Titan M exploit with persistence."
Google announced an Android update addressing a critical vulnerability, CVE-2026-0073, affecting the System component. This flaw allows remote code execution as the shell user without user interaction. The vulnerability impacts the Android Debug Bridge daemon, which manages device communication. No patches were released for Wear OS, Pixel Watch, Android XR, or Android Automotive. There are no known malicious exploits of this vulnerability, and only one Android vulnerability this year has been flagged as exploited in the wild. Google has increased bug bounty payouts for Android vulnerabilities significantly.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]