Google has rolled out its September 2024 Android security updates, which address a total of 35 vulnerabilities, including a high-severity local privilege escalation flaw tracked as CVE-2024-32896. The vulnerability impacts the Android Framework component and could allow local attackers to elevate their privileges without needing additional execution rights. The issue was first disclosed in June 2024 and was exploited as a zero-day vulnerability targeting Pixel devices, highlighting the urgent need for this security patch.
The September updates are being distributed in two distinct phases. The initial phase, which includes the 2024-09-01 security patch level, focuses on resolving 10 significant security defects. Among these are three high-severity flaws within the Framework component and seven within the System component. These fixes are crucial for maintaining device security and ensuring that vulnerabilities are promptly addressed to prevent potential exploitation.
The second phase of the updates, marked by the 2024-09-05 security patch level, expands the scope to address 25 additional vulnerabilities. These issues span various components, including Kernel, Arm, Imagination Technologies, Unisoc, and Qualcomm. This comprehensive update aims to fortify Android devices against a wide range of potential threats by patching flaws that could be exploited by malicious actors to compromise system integrity and user data.
In addition to the broader Android updates, Google has released a specific security update for Pixel devices, which addresses six vulnerabilities, four of which are categorized as critical-severity elevation of privilege flaws. Although no functional patches were included in this update, devices running the latest security patch level are protected against these critical issues. Furthermore, Google has published advisories for Android 15, Automotive OS, and Wear OS, underscoring its commitment to addressing security concerns across its entire ecosystem. These updates reflect Google’s ongoing efforts to enhance device security and safeguard users from evolving cyber threats.