Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices.
The high-severity vulnerability is related to a logic error in the code, which allows an attacker to bypass certain protections on Android and elevate their privileges without requiring additional permissions. However, user interaction is necessary for the attack to work.
The flaw was fixed for Pixel devices in June 2024 and was marked as actively exploited in limited, targeted attacks, including by forensics companies, to stop auto-wiping tools like Wasted and Sentry from triggering when devices are examined.
Android's latest security update now fixes CVE-2024-32896 for devices running Android 12, 12L, 13, and 14.
The rest of the fixes that landed this month all concern high-severity issues except for two vulnerabilities in closed-source Qualcomm components, specifically the WLAN subcomponent, tracked as CVE-2024-33042 and CVE-2024-33052.
The limited information provided by Qualcomm on these flaws categorizes both as memory corruption problems in the FM Host component, only exploitable locally (physical access or prior compromise by malware).
Given that Google's September 2024 security patches for Android address an actively exploited vulnerability, it is recommended that all Android users apply the update as soon as possible.
To do so, navigate to Settings > System > Software updates > System update. Alternatively, head to Settings > Security & privacy > System & updates > Security update, and click on the 'Check for update' button.
If you're using Android 11 or earlier, your device is no longer actively supported, and you're recommended to switch to a newer model or install a third-party Android distribution that comes with the necessary security fixes.
Pixel fixes out as well
At the same time as the Android security updates, Google released patches for its Pixel devices (series 6 and later).
The latest pack of fixes addresses six elevation of privilege and information disclosure flaws, four of which, in the Local Control Subsystem (LCS) and Low-level Device Firmware (LDFW) components, are rated critical.
These are CVE-2024-44092 (LCS), CVE-2024-44093 (LDFW), CVE-2024-44094 (LDFW), and CVE-2024-44095 (LDFW), all elevation of privilege problems.
Although Pixel users have had a turbulent experience with security updates this year, there are no reports that this latest update is causing unexpected trouble.