Google has launched the September 2024 Android safety updates to mend 34 vulnerabilities, together with CVE-2024-32896, an actively exploited elevation of privilege flaw that was once up to now mounted on Pixel gadgets.
The high-severity vulnerability is said to a good judgment error within the code, which permits an attacker to avoid positive protections on Android and raise their privileges with out requiring further permissions. On the other hand, person interplay is important for the assault to paintings.
The flaw was once mounted for Pixel gadgets in June 2024 and was once marked as actively exploited in restricted, centered assaults, together with by way of forensics corporations, to forestall auto-wiping gear like Wasted and Sentry from triggering when gadgets are tested.
Android’s newest safety replace now fixes CVE-2024-32896 for gadgets working Android 12, 12L, 13, and 14.
The remainder of the fixes that landed this month all worry high-severity problems except for for 2 vulnerabilities in closed-course Qualcomm parts, particularly the WLAN subcomponent, tracked as CVE-2024-33042 and CVE-2024-33052.
The restricted knowledge supplied by way of Qualcomm on those flaws categorizes each as reminiscence corruption issues within the FM Host element, best exploitable in the community (bodily get entry to or earlier compromise by way of malware).
For the reason that Google’s September 2024 safety patches for Android cope with an actively exploited vulnerability, it is strongly recommended that each one Android customers follow the replace once conceivable.
To take action, navigate to Settings > Device > Instrument updates > Device replace. On the other hand, head to Settings > Safety & privateness > Device & updates > Safety replace, and click on at the ‘Test for replace‘ button.
If you are the use of Android 11 or previous, your instrument is not actively supported, and you are beneficial to change to a more recent type or set up a third-party Android distribution that comprises necessary safety fixes.
Pixel fixes out as smartly
On the identical time because the Android safety updates, Google launched patches for its Pixel gadgets (sequence 6 and later).
The most recent pack of fixes addresses six elevation of privilege and data disclosure flaws, 4 of which, within the Native Regulate Subsystem (LCS) and Low-level Instrument Firmware (LDFW) parts, are rated important.
The ones are CVE-2024-44092 (LCS), CVE-2024-44093 (LDFW), CVE-2024-44094 (LDFW), and CVE-2024-44095 (LDFW), all elevation of privilege issues.
Although Pixel customers have had a turbulent enjoy with safety updates this 12 months, there aren’t any experiences that this newest replace is inflicting surprising bother.