April 3, 2024 at 06:24AM
Google released patches for 28 Android vulnerabilities and 25 Pixel device bugs, including two actively exploited issues (CVE-2024-29745 and CVE-2024-29748). Notable among the flaws is CVE-2024-23704, a high-severity vulnerability in the System component. The update also addressed security issues in Qualcomm and MediaTek components and resolved bugs in Android Automotive OS and Wear OS.
Key takeaways:
– Google announced patches for 28 vulnerabilities in Android and 25 other bugs in Pixel devices, including two issues exploited in the wild.
– The exploited flaws, tracked as CVE-2024-29745 and CVE-2024-29748, impact Pixel’s bootloader and firmware.
– Google has indications that these two security defects “may be under limited, targeted exploitation,” and has often linked these vulnerabilities to commercial spyware vendors.
– A total of 24 vulnerabilities leading to elevation of privilege (EoP) and information disclosure were addressed in various Pixel components, and another was resolved in Qualcomm components.
– The most severe vulnerability is CVE-2024-23704, an EoP defect in the System component that affects Android 13 and Android 14.
– The latest security patch level (2024-04-05) resolves all security defects in Pixel devices. Security updates were also pushed out for Android Automotive OS and Wear OS; they resolve all flaws fixed by the 2024-04-05 security patch level and address no additional vulnerabilities.