Android Update Patches Critical Vulnerability

Share This Post

Google this week announced a fresh batch of security updates for Android, to address a total of 26 vulnerabilities, including a critical-severity flaw in the System component.

The bug, tracked as CVE-2024-23706 and impacting Android 14, could allow attackers to escalate their privileges on vulnerable devices, Google notes in its advisory.

“The most severe of these issues is a critical security vulnerability in the System component that could lead to local escalation of privilege with no additional execution privileges needed,” the internet giant says.

The vulnerability was resolved as part of the 2024-05-01 security patch level, which addresses eight flaws, including four elevation of privilege (EoP) bugs in the Framework component, and three EoP issues and one information disclosure defect in the System component.

Patches for 18 other vulnerabilities in kernel, Arm, MediaTek, and Qualcomm components were included in the second part of this month’s Android update, which arrives on devices as the 2024-05-05 security patch level and which also includes updated kernel LTS versions.

On Tuesday, Google also announced fresh security updates for Pixel devices, to resolve seven additional vulnerabilities impacting the Bluetooth component, the Mali GPU driver, and five Qualcomm components.

Pixel devices running a security patch level of May 5 contain patches against all these flaws, and the vulnerabilities detailed in Android’s May 2024 security bulletin.

Additionally, Google announced security updates that resolve four Wear OS-specific vulnerabilities, including a critical-severity flaw in the Framework component.

Advertisement. Scroll to continue reading.

“The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege by a malicious app with no additional execution privileges needed,” Google notes.

The full Wear OS update also fixes the flaws detailed in Android’s May 2024 security bulletin, which are being addressed via Android Automotive OS and Pixel Watch updates as well.

Google makes no mention of any of these vulnerabilities being exploited in the wild.

Related: Google Patches Exploited Pixel Vulnerabilities

Related: Android’s March 2024 Update Patches Critical Vulnerabilities

Related: Critical Remote Code Execution Vulnerability Patched in Android

This post was originally published on this site

More Articles
Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .