Google patched a critical Android 12 security flaw today

A critical vulnerability in Google's Android 12 OS version has just been patched, according to the company's February 2022 Android Security Bulletin (via Tech Radar). Apparently, the latest version of the operating system has subjected unknowing users to a zero-click exploit ever since its release, but the new update is finally putting an end to that.

Zero-click exploits are among the most dangerous of all, as they require no action on the victim's part in order for an attacker to gain control of their device. Google itself called it a "critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed.”

The security flaw ran under the code name CVE-2021-39675 as developers hastened to patch it up in this month's first Android security update. 

Although we know the general gist of the vulnerability, Google hasn't yet shared specific details, as it is still in the middle of rolling out the present update. Part of the fix, it mentioned, involved a source-level change in the code of Android's wireless NFC (near-field communication) code that includes an additional check to ensure that a size parameter isn't too large.

In the absence of in-depth details, the most important thing is that users can rest assured that their Android 12-running device should be as secure as possible at present, with all known vulnerabilities patched up. It's possible that we'll know more once Google has completed the update rollout.

As mentioned by Tech Radar, one of the reasons for a longer rollout period is because every manufacturer uses their own slightly tweaked version of the Android OS. This is why although Android 12 was released back in October, the update is still rolling out to some brands' models. 

It's also the reason that although Google began rolling out the security patch today, it may be a few days before it finally reaches you.