Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Android’s December 2024 Security Update Patches 14 Vulnerabilities

Google has released patches for 14 high-severity vulnerabilities as part of Android’s December 2024 security update.

Android security updates

Google on Tuesday announced patches for 14 high-severity vulnerabilities as part of Android’s December 2024 security update, including a remote code execution flaw in the System component.

The first part of the update, which arrives on devices as the 2024-12-01 security patch level, resolves six security defects in the Framework and System components, five of which could allow attackers to elevate privileges.

According to Google’s advisory, however, the sixth of these bugs, which is tracked as CVE-2024-43767 and impacts System, is the most severe issue, as it could lead to remote code execution (RCE) with no additional execution privileges needed.

Fixes for these defects were included in updated Android 12, 12L, 13, 14, and 15 versions and the source code for these patches has been released to the Android Open Source Project (AOSP) repository.

Arriving on devices as the 2024-12-05 security patch level, the second part of this month’s Android security update resolves all six flaws, along with eight vulnerabilities in Imagination Technologies, MediaTek, and Qualcomm components.

Google makes no mention of any of these vulnerabilities being exploited in the wild, but urges users to update their devices as soon as the security update becomes available for them.

“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible,” the internet giant notes.

No Android Automotive OS and Wear OS security patches were included in the December 2024 security bulletins for these platforms. However, the updates for them include fixes for all the vulnerabilities mentioned in the December 2024 Android security bulletin.

Advertisement. Scroll to continue reading.

While no security bulletin detailing this month’s security update for Pixel devices has been published yet, Google is expected to produce one in the coming days.

Related: MITRE Updates List of 25 Most Dangerous Software Vulnerabilities

Related: Android Banking Trojan ToxicPanda Targets Europe

Related: FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.