It’s never good news when a security researcher discovers four serious vulnerabilities in devices from a major hardware manufacturer, but you can rest easy: The damage in this case has already been mitigated.
If you own a Lenovo tablet, a Vibe or Zuk phone, or an older Motorola model (the Moto M or the Moto E3), you need to patch it ASAP — if it hasn’t already updated on its own.
This information comes from Lenovo’s support website (opens in new tab), which thanks security researcher Imre Rad for finding four major flaws in the Lenovo Service Framework (LSF) software that Lenovo adds to its Android devices. The LSF lets apps push notifications into the user’s taskbar, but Rad discovered that a savvy hacker could leverage them to either steal sensitive information or inject remote code, all without a legitimate user’s input.
MORE: Best Smartphones
The exact details of the vulnerabilities aren’t available yet, which is probably good since users will need a little time to patch their devices. Android phones and tablets are pretty good about applying security updates on their own (or at least nagging users relentlessly about doing so), but if you haven’t downloaded a system patch lately, here’s how to do it:
First, ensure that your system itself is up to date by accessing System Updates in the Settings Menu. Tap Check for update, and follow the instructions, if necessary. If that’s all good, go to the Google Play Store and tap My apps & games. If the system finds any updates, tap Update All. There are more granular ways to do this, but that’s the most foolproof.
When that’s finished, go to Settings, Apps and Device Service. The version number should be V188.8.131.523, or higher. If it’s not, visit Lenovo’s download page (opens in new tab) and nab the appropriate APK, depending on whether you’re dealing with a smartphone or a tablet. In your Downloads app, tap the APK and let it install. (It may ask you to fiddle with your settings to allow third-party app installations. Go ahead and do so for now, but disable it again after the update.)
That’s pretty much it. A hawkeyed security researcher has preemptively outwitted the cybercriminals once again, and all you have to do to benefit is apply a simple update to your phone or tablet. There’s also no evidence that malefactors could exploit the vulnerability on newer Motorola phones, so most Moto owners can rest easy.
Best Android Antivirus Apps
Best Paid Option
You'll have to pay $15 per year for Bitdefender Mobile Security, but its excellent malware protection and intuitive user interface make it well worth paying for.
Best Freemium Option
Norton Mobile Security may seem pricey, but its excellent protection, multidevice license and unique privacy features make it a worthwhile investment.