Google's mobile security team have discovered two critical Android security holes in its ecosystem. These loopholes had the potential of being exploited by hackers to affect millions of devices around the world. One flaw has been identified as a variant of Stagefright, while the other is said to have been designed for research purpose.

Like Us on Facebook

The Stagefright clone flaw could have let the hackers to hijack devices by using malicious JPEG image files. These files may be delivered through Gmail or other Google services. The hackers may then proceeded to steal sensitive information or to even shut down the device completely. According to the Express, devices could be infected even without downloading the malicious image as the bug could be triggered by a mere on-screen display.

The second flaw, known as CVE 2016-3861, was found to be designed for research purpose. However, Engadget states that the flaw had the potential of being a major threat if it had been found or weaponized by unscrupulous hackers.

The security patches are contained in Google's latest security bulletin. These patches are available for immediate download for Nexus devices. The updates will be rolled out soon to other devices.

Google remains on tenterhooks for Android's vulnerability to malware. Security company Check Point recently reported the existence of two malwares in several of the Play Store apps. These malwares are DressCode and CallJam. DressCode can compromise a local network, while CallJam could direct the device to make calls to paid phone numbers. Google has since removed malicious apps from the Play Store.