Google August 2024 Android Security Bulletin Released

The brand is set to release Google released the August 2024 security bulletin and also released a. However, the bulletin mentions the new changes as well as the issues that come up. This month’s Android security update discovered 46 vulnerabilities that all allow attacks via remote code execution (RCE). 

Google August 2024 Security Bulletin: Framework And Kernel

Moreover, this 2024-08-05 or later security patch level addresses all these issues. This includes a zero-day vulnerability tracked as CVE-2024-36971, a use-after-free vulnerability in the Linux kernel’s network root management. The flaw requires system execution privileges and allows the attacker to change the behaviour of certain network connections. 

Google has released patches to fix a high-severity escalation of privilege flaw exploited in the attacks, including a high-severity escalation of privilege (EoP) flaw in the Pixel Firmware and others tracked by Google as CVE-2024-32896 and GrapheneOS as CVE-2024-29748. Google released two patch sets for the August security update – 2024-08-01 and 2024-08-05 security patch levels earlier. 

This update includes all the security fixes from the first set and additional patches for third-party closure source and kernel components, including a critical vulnerability (CVE-2024-23350) in a Qualcomm closed-source component. Given all these issues, the delay is likely necessary for additional testing of security patches to ensure compatibility with various hardware configurations.

Google August 2024 Security Bulletin: What Has Improved In This Patch?

Android users are notified of all issues at least a month before the rollout. Source code patches for these issues are also released to the Android Open Source Project (AOSP) repository over the next 48 hours. The most severe issue is a high-security vulnerability in a framework component that enables local escalation of privilege without requiring any additional execution privileges. 

Android Security Platform Security and Google Play Protect features are clearly described as features that improve the security of the Android platform. These capacities reduce the likelihood that security vulnerabilities can be successfully exploited on Android. Enhancements in newer versions of the platform make many issues on Android more difficult to exploit. 

The Android Security team monitors abuse through Google Play Protect and warns users about potentially harmful applications. Google Play Protect is enabled by default, which is important for users who install apps outside Google Play. The issues are also described in the bulletin and include the CVE ID, associated context, vulnerability type, severity and updated AOSP version. 

All public changes addressing the issue are linked to AOSP by bug ID. When the change is linked to a bug, the additional context is also linked to numbers after the bug ID. All these changes are found in security updates for Android 10 and above, as well as Google Play system updates. 

Additionally, the brand has revealed several changes in which the most severe vulnerabilities in several framework sections can escalate local privileges. However, vulnerabilities in the system can lead to remote information disclosure and do not require execution privileges. No security issues have been addressed in Google Play system updates this month through Google Play system updates. 

“If you like this article follow us on Google News, Facebook, Telegram, and Twitter. We will keep bringing you such articles.”