Android Patchday: Updates close several high-risk gaps
In September, Google releases bug-fixed Android versions on Patchday. They mainly close high-risk gaps.
Security vulnerabilities threaten Android smartphones.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Google released new Android versions on September Patchday. They close security gaps in the cell phone operating system, most of which have been classified as high risk.
In the security announcement, Google's developers explain which vulnerabilities are fixed with the updates. The patch level 2024-09-01 seals eleven security vulnerabilities. There are three vulnerabilities in the Android framework of Android 12,12L, 13 and 14 that allow attackers to extend their rights. There are five other high-risk vulnerabilities in the system with the same effects. In addition, another vulnerability allows unauthorized spying of information. There is only one denial-of-service gap in the Android 14 system. Without further information, Google is also closing a leak with a Google Play system update, which affects the "Remote Key Provisioning" mechanism.
Further fixes for components
Patch level 2024-09-05 fixes security-relevant errors, particularly in various components, including those from third-party manufacturers. The kernel contained a privilege escalation vulnerability. There are also updates for ARM Mali graphics drivers, as well as for PowerVR graphics units from Imagination Technologies. The CPU manufacturers Unisoc and Qualcomm have also closed numerous leaks in the patch level, some of which have even been classified as critical risks.
Videos by heise
It is now up to the cell phone manufacturers to incorporate the security-relevant bug fixes into firmware updates for the Android smartphones and distribute them to the affected customers. Google is taking the lead for the Pixel phones. According to Google's security announcement, the updates correct the bugs with the 2024-09-05 patch level. However, the developers are also patching four unspecified vulnerabilities classified as critical and two others with a high threat level.
Google has also just published the source code for Android 15 in AOSP. The first manufacturers are expected to provide upgrades for supported smartphones shortly.
Google had already patched numerous vulnerabilities on Android Patchday in August. However, one in the kernel was already under active attack, which the updates then closed.
(dmk)
