This week, Google released a series of security updates for Android, addressing a total of 26 vulnerabilities, including a critical-severity flaw in the System component (CVE-2024-23706) affecting Android 14. This bug could potentially allow attackers to escalate their privileges on vulnerable devices, as noted in Google’s advisory. The updates include patches for various components such as the Framework, kernel, Arm, MediaTek, and Qualcomm. Additionally, Google issued separate security updates for Pixel devices, resolving seven vulnerabilities in the Bluetooth component, Mali GPU driver, and Qualcomm components. Pixel devices with the May 5 security patch level now contain fixes for these vulnerabilities, as well as those detailed in Android’s May 2024 security bulletin. Furthermore, Google announced security updates for Wear OS, addressing four vulnerabilities, including a critical-severity flaw in the Framework component, which could lead to local privilege escalation by a malicious app. Despite the disclosure of these vulnerabilities, Google has not reported any instances of exploitation in the wild.
Read more: https://www.securityweek.com/android-update-patches-critical-vulnerability/