Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Android Update Patches Critical Vulnerability

Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component.

Google this week announced a fresh batch of security updates for Android, to address a total of 26 vulnerabilities, including a critical-severity flaw in the System component.

The bug, tracked as CVE-2024-23706 and impacting Android 14, could allow attackers to escalate their privileges on vulnerable devices, Google notes in its advisory.

“The most severe of these issues is a critical security vulnerability in the System component that could lead to local escalation of privilege with no additional execution privileges needed,” the internet giant says.

The vulnerability was resolved as part of the 2024-05-01 security patch level, which addresses eight flaws, including four elevation of privilege (EoP) bugs in the Framework component, and three EoP issues and one information disclosure defect in the System component.

Patches for 18 other vulnerabilities in kernel, Arm, MediaTek, and Qualcomm components were included in the second part of this month’s Android update, which arrives on devices as the 2024-05-05 security patch level and which also includes updated kernel LTS versions.

On Tuesday, Google also announced fresh security updates for Pixel devices, to resolve seven additional vulnerabilities impacting the Bluetooth component, the Mali GPU driver, and five Qualcomm components.

Pixel devices running a security patch level of May 5 contain patches against all these flaws, and the vulnerabilities detailed in Android’s May 2024 security bulletin.

Additionally, Google announced security updates that resolve four Wear OS-specific vulnerabilities, including a critical-severity flaw in the Framework component.

Advertisement. Scroll to continue reading.

“The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege by a malicious app with no additional execution privileges needed,” Google notes.

The full Wear OS update also fixes the flaws detailed in Android’s May 2024 security bulletin, which are being addressed via Android Automotive OS and Pixel Watch updates as well.

Google makes no mention of any of these vulnerabilities being exploited in the wild.

Related: Google Patches Exploited Pixel Vulnerabilities

Related: Android’s March 2024 Update Patches Critical Vulnerabilities

Related: Critical Remote Code Execution Vulnerability Patched in Android

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Fastly announced that Scott Lovett will join the company as Chief Revenue Officer, effective June 3, 2024.

Digital transformation consulting firm Synechron has hired Aaron Momin as CISO.

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

More People On The Move

Expert Insights