Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Android’s January 2024 Security Update Patches 58 Vulnerabilities

Android’s first security update of 2024 resolves high-severity elevation of privilege and information disclosure vulnerabilities.

Android patches

Google kicked off 2024 with the release of patches for 58 vulnerabilities in the Android platform, along with fixes for three security bugs in Pixel devices.

The first part of Android’s January 2024 update, which arrives on devices as the 2024-01-01 security patch level, addresses ten security holes in the Framework and System components, all rated ‘high severity’.

“The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google notes in its advisory.

The security update resolves five flaws in the Framework component, including four elevation of privilege and one information disclosure bug. Five other issues were addressed in the System component, including one elevation of privilege and four information disclosure defects.

The second part of the update, the 2024-01-05 security patch level, includes patches for 48 vulnerabilities in Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components.

While most of the resolved bugs have a severity rating of ‘high’, three issues in Qualcomm components are rated ‘critical’.

All devices running a security patch level of 2024-01-05 are patched against all these flaws, as well as the vulnerabilities addressed with previous Android security updates.

This month, Google patched three security defects impacting Pixel devices, all in Qualcomm components and all rated ‘medium severity’.

Advertisement. Scroll to continue reading.

Pixel devices running a security patch level of 2024-01-05 are patched against these flaws and all the bugs detailed in Android’s January 2024 security bulletin.

Google also announced fixes for one high-severity vulnerability in Wear OS, addressed as part of an update that also includes the patches from Android’s January 2024 security update.

All these flaws were also addressed with an update to the 2024-01-05 patch level for Pixel Watch devices.

The internet giant makes no mention of any of these vulnerabilities being exploited in attacks. However, users are advised to update their devices as soon as possible.

Related: 94 Vulnerabilities Patched in Android With December 2023 Security Updates

Related: 37 Vulnerabilities Patched in Android With November 2023 Security Updates

Related: Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.