
Google backports fix for Pixel EoP flaw to other Android devices

Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices.

The high-severity vulnerability is linked to a logic error in the code, which allows an attacker to bypass certain protections on Android and elevate their privileges without requiring additional permissions. However, user interaction is necessary for the attack to work.

The flaw was fixed for Pixel devices in June 2024 and was marked as actively exploited in limited, targeted attacks, including by forensic companies, to stop auto-wiping tools like Wasted and Sentry from triggering when devices are examined.

Android’s latest security update now fixes CVE-2024-32896 for devices running Android 12, 12L, 13, and 14.

The rest of the fixes that landed this month all concern high-severity issues except for two vulnerabilities in closed-source Qualcomm components, specifically the WLAN subcomponent, tracked as CVE-2024-33042 and CVE-2024-33052.


The limited information provided by Qualcomm on these flaws categorizes both as memory corruption problems in the FM Host component, only exploitable locally (physical access or previous compromise by malware).

Given that Google’s September 2024 security patches for Android address an actively exploited vulnerability, it’s recommended that all Android users apply the update as soon as possible.

To do so, navigate to Settings > System > Software updates > System update. Alternatively, head to Settings > Security & privacy > System & updates > Security update, and click on the ‘Check for update’ button.


If you’re using Android 11 or earlier, your device is no longer actively supported, and you’re recommended to switch to a newer model or install a third-party Android distribution that includes the necessary security fixes.
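To check patch status on several devices without opening the Settings menu on each, the following added example (not from the original article) parses `adb shell getprop` output and classifies each device against the September 2024 patch level. The device names and property dumps are constructed samples.

```python
import re

# The article's fixes ship in the September 2024 Android security update.
FIXED_LEVEL = (2024, 9)

# `adb shell getprop` prints one property per line as: [key]: [value]
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")

def parse_getprop(text):
    """Parse getprop output into a dict, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def triage(props):
    """Return 'unsupported', 'needs-update', 'patched' or 'unknown'."""
    major = re.match(r"\d+", props.get("ro.build.version.release", ""))
    level = re.fullmatch(r"(\d{4})-(\d{2})-\d{2}",
                         props.get("ro.build.version.security_patch", ""))
    if not major or not level:
        return "unknown"          # missing data must not count as patched
    if int(major.group()) <= 11:
        return "unsupported"      # Android 11 or earlier: no longer supported
    if (int(level.group(1)), int(level.group(2))) >= FIXED_LEVEL:
        return "patched"
    # Pixels received the CVE-2024-32896 fix in June 2024, but a device below
    # this level still lacks the rest of the September 2024 fixes.
    return "needs-update"

# Constructed sample dumps (not real devices).
SAMPLES = {
    "phone-a": "[ro.build.version.release]: [14]\n"
               "[ro.build.version.security_patch]: [2024-09-05]\n",
    "phone-b": "[ro.build.version.release]: [13]\n"
               "[ro.build.version.security_patch]: [2024-08-01]\n",
    "phone-c": "[ro.build.version.release]: [11]\n"
               "[ro.build.version.security_patch]: [2023-02-05]\n",
    "phone-d": "[ro.product.model]: [constructed]\n",
}

def audit(samples):
    return {name: triage(parse_getprop(out)) for name, out in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```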

Pixel fixes out as well

At the same time as the Android security updates, Google released patches for its Pixel devices (series 6 and later).


The latest pack of fixes addresses six elevation of privilege and information disclosure flaws, four of which, in the Local Control Subsystem (LCS) and Low-level Device Firmware (LDFW) components, are rated critical.

These are CVE-2024-44092 (LCS), CVE-2024-44093 (LDFW), CVE-2024-44094 (LDFW), and CVE-2024-44095 (LDFW), all elevation of privilege problems.

Although Pixel users have had a turbulent experience with security updates this year, there are no reports that this latest update is causing unexpected trouble.
