National Cyber Warfare Foundation (NCWF) Forums


Small number of vulnerabilities patched in last Android security update of 2024
0 user ratings		2024-12-02 21:15:03
milo
Blue Team (CND)

None of the patched bugs were considered critical.


The post Small number of vulnerabilities patched in last Android security update of 2024 appeared first on CyberScoop.



Google on Monday released its December 2024 Android Security Bulletin, detailing a range of security vulnerabilities affecting various components across Android devices, with some potentially allowing remote code execution and local escalation of privileges.





The bulletin’s most critical concern centers on vulnerabilities within the system components, which allow developers to build applications with specific functionalities within the Android ecosystem. One particular vulnerability, CVE-2024-43767, allows for remote code execution. The company states that the vulnerability does not require additional execution privileges for a malicious actor to exploit it. Google rated the bug as a “high” severity bug, but it has yet to have a CVE entry in NIST’s National Vulnerability Database (NVD).





Google has ensured that its Android partners were alerted to these issues well in advance, providing a window for necessary adjustments ahead of the patches’ public release. Source code patches for these vulnerabilities have been integrated into the Android Open Source Project (AOSP) repository, with further details and patches to be made accessible from Android partners like MediaTek and Qualcomm. 





This month’s bulletin also lists several vulnerabilities that impact components specific to Imagination Technologies, MediaTek, and Qualcomm, with severity levels classified as high.





Beyond system components, the bulletin details vulnerabilities in frameworks that could enable local privilege escalation without additional execution privileges. These are identified by distinct CVE references and affect various Android versions from 12 to 15. 





You can read the full bulletin here


The post Small number of vulnerabilities patched in last Android security update of 2024 appeared first on CyberScoop.



Source: CyberScoop
Source Link: https://cyberscoop.com/android-security-update-december-2024/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Blue Team (CND)


Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.