Code changes intended to prevent attacks can wind up creating even more security issus, Google Project Zero warned.
Google has patched a critical Bluetooth flaw in Android that could give an attacker control of a vulnerable device without any user interaction.
Many versions of Android, including Android 10, have a weakness dubbed StrandHogg that can lead to credential phishing and other malicious actions.
Google is now offering a top bounty of $1 million for a full chain remote code execution exploit that gains persistence on the Titan M chip on Pixel phones.
A new version of the Gustuff Android banking trojan has emerged, this time with new communications capabilities and more credential-theft features.