A critical vulnerability found in Android devices could potentially be exploited to hijack virtually all mobile apps, according to SC Magazine. This elevation-of-privilege vulnerability could be exploited without root access or user permission, allowing hackers to spy on individuals or steal their login credentials. While Android 10 is not affected by the vulnerability, Google has developed a security patch for Android versions 8, 8.1 and 9, which was released the general public as part of its May Security Bulletin. However, mobile security experts point out that Android versions prior to 8 remain endangered, and they note that availability of patches may depend on the particular device a user owns and whether the manufacturer has deployed the fix.
When a substantial number of Android users still run on older versions of the operating system, it means a significant number of people are at risk around the world. Updating operating systems can be a simple process, but when models change and people continue to use increasingly aging devices, they are often forced to stick with older legacy operating systems, which put them at risk.
Users are always advised to update their devices to the latest firmware, in order to protect themselves from attacks. We will never win the war on making older devices capable of being updated to the latest OS versions, so there has to be a happy medium where the user understands the risk if they decide to keep an older device.