Google on Tuesday announced patches for 14 high-severity vulnerabilities as part of Android’s December 2024 security update, including a remote code execution flaw in the System component.
The first part of the update, which arrives on devices as the 2024-12-01 security patch level, resolves six security defects in the Framework and System components, five of which could allow attackers to elevate privileges.
According to Google’s advisory, however, the sixth of these bugs, which is tracked as CVE-2024-43767 and impacts System, is the most severe issue, as it could lead to remote code execution (RCE) with no additional execution privileges needed.
Fixes for these defects were included in updated Android 12, 12L, 13, 14, and 15 versions and the source code for these patches has been released to the Android Open Source Project (AOSP) repository.
Arriving on devices as the 2024-12-05 security patch level, the second part of this month’s Android security update resolves all six flaws, along with eight vulnerabilities in Imagination Technologies, MediaTek, and Qualcomm components.
Google makes no mention of any of these vulnerabilities being exploited in the wild, but urges users to update their devices as soon as the security update becomes available for them.
“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible,” the internet giant notes.
No Android Automotive OS and Wear OS security patches were included in the December 2024 security bulletins for these platforms. However, the updates for them include fixes for all the vulnerabilities mentioned in the December 2024 Android security bulletin.
While no security bulletin detailing this month’s security update for Pixel devices has been published yet, Google is expected to produce one in the coming days.
Related: MITRE Updates List of 25 Most Dangerous Software Vulnerabilities
Related: Android Banking Trojan ToxicPanda Targets Europe
Related: FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities
