Patchday: Android 12, 13, 14 and 15 vulnerable to malware attacks
Attackers can attack Android devices in various ways and gain access to smartphones.
Security vulnerabilities threaten Android smartphones.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
After successful attacks on smartphones and tablets with Android, attackers can completely compromise devices in some cases. Security updates are available for selected devices.
Vulnerabilities at system level
In a warning message, Google highlights a security vulnerability (CVE-2024-43767 "high") in the system as particularly threatening: attackers can execute malicious code. No additional execution rights are required for this. However, it remains unclear exactly how such an attack could take place.
Two other system vulnerabilities (CVE-2024-43097"high", CVE-2024-43768"high") allow attackers to gain higher user rights. Android 12, 12L, 14, 14 and 15 are threatened by these three vulnerabilities.
Further security vulnerabilities
Attackers can also exploit vulnerabilities in the framework and components from Qualcomm, among others. At this point, for example, the WLAN subcomponent is at risk (CVE-2024-33063"high"). Remote attackers can trigger a memory error here. This usually leads to crashes (DoS) or malicious code can even get onto systems.
The developers state that they have solved the security problems in the patch levels 2024-12-01 and 2014-12-05. As a result, owners of Android devices should ensure that their smartphone or tablet is up to date.
Videos by heise
However, the security updates are by no means available for all Android devices. Support for Google's Pixel Series 5a, for example, expired in the summer of this year. This will next be the case for the Pixel 6 and Pixel 6 Pro in October 2026. In addition to Google, other manufacturers such as Samsung also provide patches for certain devices (see box).
(des)
