September 4, 2024 at 05:36AM
Google has released a new set of Android security updates addressing 35 vulnerabilities, including a high-severity local privilege escalation bug. The bug, tracked as CVE-2024-32896, was exploited in attacks and is addressed in the September 2024 Android security bulletin. The updates also resolve other high-severity flaws and issues in Framework and System components.
From the meeting notes, it is clear that Google has announced a set of Android security updates addressing a total of 35 vulnerabilities, including a local privilege escalation bug in the Android Framework component. The bug, tracked as CVE-2024-32896 with a CVSS score of 7.8, was initially disclosed in June and has been exploited as a zero-day to target Pixel devices.
The September 2024 Android security bulletin from Google indicates that the most severe issue is the high-security vulnerability in the Framework component. It has been patched with the 2024-09-01 security patch level, along with other security defects. The second part of the Android security update, with the 2024-09-05 security patch level, addresses 25 bugs in Kernel, Arm, Imagination Technologies, Unisoc, and Qualcomm components.
The September 2024 Pixel security update also patches several critical-severity bugs, described as elevation of privilege flaws.
Furthermore, Google published a separate advisory drawing attention to 14 security defects resolved with the Android 15 update. It was also mentioned that Automotive OS and Wear OS updates were released, with one and four vulnerabilities patch respectively.
In summary, the meeting notes provide detailed information about the recent Android security updates, highlighting the addressed vulnerabilities and the specific devices and components affected.