Patchday: Malware gaps threaten Android 12, 13, 14 and 15

Google and other Android device manufacturers have closed several critical vulnerabilities in various Android versions.

Stylized image: Smartphone with Android robot on the screen, on fire

Security vulnerabilities threaten Android smartphones.

(Image: Created with AI in Bing Designer by heise online / dmk)


Attackers can target Android smartphones and tablets and, in the worst case, compromise devices by executing malicious code. Patched Android versions have now been released for certain devices.

According to a post, Google classifies one vulnerability in the system as particularly dangerous. In total, the developers have closed five “critical” malicious code vulnerabilities (CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-43747, CVE-2024-4349748) in the system. In all cases, remote attacks are said to be possible.

It is not yet known how attacks could take place. So far, there is no information that attackers are already exploiting vulnerabilities.

Overall, the developers have closed vulnerabilities in the framework, media framework and system. After successful attacks, attackers can gain elevated user privileges and trigger denial-of-service (DoS) conditions, among other things.

There are also some security patches for components from MediaTek and Qualcomm, among others. The kernel and WLAN are affected. In the MediaTek modem (CVE-2024-20154 “critical”), for example, attackers can provoke a memory error (out of bounds) to push malicious code onto smartphones and execute it. In such a case, devices are usually considered fully compromised. If you own an Android device that is still supported, you should ensure that one of the current patch levels 2025-01-01 or 2025-01-05 is installed in the system settings.

In addition to Google, other manufacturers, including LG and Samsung, also release monthly security updates for selected devices (see box).

Android Patchday

Besides Google, other manufacturers also regularly publish security patches, but usually only for some product series. Devices from other manufacturers receive the updates considerably later or, in the worst case, not at all.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.