March 6, 2024 at 08:31AM
Google released security updates for Android, addressing 38 vulnerabilities including 2 critical flaws in the System component impacting Android 12, 12L, 13, and 14. The flaws could result in remote code execution and elevation of privilege. Devices can be protected by installing the March 2024 security update. Other components like AMLogic, Arm, MediaTek, and Qualcomm were also patched. Pixel devices received patches for more than 50 vulnerabilities, with no indication of exploitation.
From the meeting notes, the key takeaways are:
– Security updates for Android were announced on Monday to address a total of 38 vulnerabilities, including two critical-severity issues in the System component (CVE-2024-0039 and CVE-2024-23717).
– These critical flaws in Android 12, 12L, 13, and 14 could lead to remote code execution and elevation of privilege, respectively.
– The first part of Android’s March 2024 security update (2024-03-01 patch level) addressed these critical flaws along with 11 other vulnerabilities, while the second part (2024-03-05 patch level) resolved 25 vulnerabilities in various components.
– Google also announced patches for more than 50 vulnerabilities in Pixel devices, including 16 critical-severity flaws leading to remote code execution and elevation of privilege.
– The vulnerabilities were not reported as being exploited in attacks, but users are advised to update their devices as soon as the updates are available.
– The patches for the Android flaws were also included in new updates for Automotive OS, Wear OS, and Pixel Watch, with an additional high-severity elevation of privilege security defect being resolved in the Wear OS update.
– Previous security updates for Android in January 2024 and December 2023 also addressed a significant number of vulnerabilities.
Please let me know if there is any further information needed.