August 6, 2024 at 04:00AM
Google announced its August 2024 Android security patches, including a high-severity zero-day vulnerability, CVE-2024-36971, in the kernel that could be exploited for remote code execution. Other updates address over 40 vulnerabilities, many with ‘high severity’ ratings, in components like framework, system, Arm, Imagination Technologies, MediaTek, and Qualcomm. Wear OS patches were also released.
The meeting notes summarize Google’s recent announcement of its August 2024 security patches for Android. The notable highlight is the inclusion of a zero-day vulnerability, CVE-2024-36971, which is a high-severity kernel issue that can be exploited for remote code execution requiring system execution privileges. It has been suggested that this vulnerability may be subject to limited, targeted exploitation. Additionally, the updates address more than 40 other vulnerabilities, with approximately a dozen flaws in the ‘framework’ component, and a few others in components such as Arm, Imagination Technologies, MediaTek, and Qualcomm. The update for Qualcomm components specifically addresses 27 vulnerabilities, including one with a critical severity rating leading to a permanent DoS condition. Furthermore, Google has also announced patches for Wear OS in the same release. These updates underscore Google’s commitment to addressing critical security concerns in its Android ecosystem.