Google has issued patches for 46 vulnerabilities in Android, addressing critical and high-severity issues that could lead to remote code execution and elevation of privilege. The most severe flaw, tracked as CVE-2024-0031, affects Android Open Source Project (AOSP) versions 11 through 14, impacting the System component. This critical vulnerability could allow remote attackers to execute arbitrary code without requiring additional privileges, highlighting the urgency of the update.
In addition to the critical bug, the patch addresses 14 high-severity vulnerabilities affecting the Framework and System components, further enhancing the security posture of Android devices. The second part of the update, rolled out as the 2024-02-05 security patch level, resolves 31 high-severity security defects in components from Arm, MediaTek, Unisoc, and Qualcomm. Google has also released patches for seven vulnerabilities specifically targeting Pixel devices, with five of them found in Qualcomm’s audio subcomponent.
Furthermore, Google extended the patching efforts to Android Automotive OS, Wear OS, and Pixel Watch updates, ensuring that the vulnerabilities addressed in the 2024-02-05 security patch level are also mitigated across these platforms. Despite the extensive security improvements, no additional vulnerabilities were fixed for either platform, underlining Google’s commitment to bolstering the security of its ecosystem through timely and comprehensive patch releases.
