Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices.
The high-severity vulnerability is related to a logic error in the code, which allows an attacker to bypass certain protections on Android and elevate their privileges without requiring additional permissions. However, user interaction is necessary for the attack to work.
The flaw was fixed for Pixel devices in June 2024 and was marked as actively exploited in limited, targeted attacks, including by forensics firms, to stop auto-wiping tools like Wasted and Sentry from triggering when devices are examined.
Android’s latest security update now fixes CVE-2024-32896 for devices running Android 12, 12L, 13, and 14.
The rest of the fixes that landed this month all concern high-severity issues, except for two vulnerabilities in closed-source Qualcomm components, specifically the WLAN subcomponent, tracked as CVE-2024-33042 and CVE-2024-33052.
The limited information provided by Qualcomm on these flaws categorizes both as memory corruption problems in the FM Host component, only exploitable locally (physical access or prior compromise by malware).
Given that Google’s September 2024 security patches for Android address an actively exploited vulnerability, it’s recommended that all Android users apply the update as soon as possible.
To do so, navigate to Settings > System > Software updates > System update. Alternatively, head to Settings > Security & privacy > System & updates > Security update, and click on the ‘Check for update’ button.
If you’re using Android 11 or earlier, your device is no longer actively supported, and you’re recommended to switch to a newer model or install a third-party Android distribution that comes with the necessary security fixes.
Pixel fixes out as well
At the same time as the Android security updates, Google released patches for its Pixel devices (series 6 and later).
The latest pack of fixes addresses six elevation of privilege and information disclosure flaws, four of which, in the Local Control Subsystem (LCS) and Low-level Device Firmware (LDFW) components, are rated critical.
These are CVE-2024-44092 (LCS), CVE-2024-44093 (LDFW), CVE-2024-44094 (LDFW), and CVE-2024-44095 (LDFW), all elevation of privilege problems.
Although Pixel users have had a turbulent experience with security updates this year, there are no reports that this latest update is causing unexpected trouble.