Patchday: Several modem security vulnerabilities in Android closed
Important security updates close several vulnerabilities in various Android versions.
![Stylized image: smartphone with the Android robot on its screen, engulfed in flames](https://heise.cloudimg.io/width/610/q85.png-lossy-85.webp-lossy-85.foil1/_www-heise-de_/imgs/18/4/6/0/6/0/5/9/2024-05-07-BingCreator-Android_Sicherheitsluecke-3-2160px-f9d328e6701d1f7a.png)
Security vulnerabilities threaten Android smartphones.
(Image: created with AI in Bing Designer by heise online / dmk)
Attackers can exploit several security vulnerabilities in Android 12, 12L, 13 and 14. Google and Samsung, among others, have now released updates for selected devices (see box).
Software vulnerabilities
If attacks are successful, attackers gain elevated privileges. From such a position, further, far-reaching attacks are usually possible. The majority of the vulnerabilities are classified as "high" threat level. They affect the Android framework, kernel and system components. An attack is not expected to require any additional user privileges in advance. This month, Google classifies an unspecified vulnerability in the system component as the most dangerous. It is currently not known whether attacks are already taking place.
Other vulnerabilities can be found in subcomponents from third-party manufacturers such as Arm and MediaTek. These include the Mali and modem subcomponents. Three vulnerabilities (CVE-2023-43538, CVE-2023-43551, CVE-2023-435556) in unspecified Qualcomm closed-source components are classified as "critical". The impact of successful attacks is currently unknown.
According to the developers, they have also secured the Google Play subcomponents Healthfitness, Statsd and WiFi.
Gaps closed
Google states that it has resolved the security issues in patch levels 2024-06-01 and 2024-06-05. If you have a device that is still supported, you should check in the settings whether the security updates have already been installed. The patches have now also been included in the Android Open Source Project (AOSP) repository.
(des)