Which vulnerabilities are particularly important in the August 2024 Android Security Bulletin?

Key vulnerabilities to pay attention to include: - CVE-2024-36971 (CVSS score 7.8): A high-severity remote code execution (RCE) vulnerability in the Kernel component. - CVE-2024-23350: A critical vulnerability in a closed-source component of the Qualcomm chipset.

What are the Framework vulnerabilities listed in the August 2024 Android Security Bulletin?

Framework vulnerabilities include multiple Elevation of Privilege (EoP) vulnerabilities affecting various Android versions, as well as an Information Disclosure (ID) and a Denial of Service (DoS) vulnerability affecting Android versions 12, 12L, 13, and 14.

What are the System vulnerabilities listed in the August 2024 Android Security Bulletin?

The System vulnerability listed is CVE-2024-34727, an Information Disclosure (ID) vulnerability affecting Android versions 12, 12L, 13, and 14.

What are the Kernel vulnerabilities listed in the August 2024 Android Security Bulletin?

The Kernel vulnerability listed is CVE-2024-36971, a remote code execution (RCE) vulnerability affecting the kernel, potentially under targeted exploitation.

What are the vulnerabilities in other components listed in the August 2024 Android Security Bulletin?

Other component vulnerabilities include: - Arm Components: CVE-2024-2937 and CVE-2024-4607 (both high-severity vulnerabilities in Mali). - Imagination Technologies: CVE-2024-31333 (high-severity vulnerability in PowerVR-GPU). - MediaTek Components: CVE-2024-20082 (high-severity vulnerability in Modem). - Qualcomm Components: Multiple high-severity vulnerabilities affecting Display and WLAN components.

Advisory

Google releases Android August patches, fixes at least one exploited flaw

Q: What does the Android Security Bulletin for August 2024 address?

The Android Security Bulletin for August 2024 fixes multiple security vulnerabilities impacting Android devices. Source code patches for these vulnerabilities will be made available in the Android Open Source Project (AOSP) repository within the next 48 hours, and the bulletin will be updated with AOSP links once released.

published: Aug. 6, 2024

Take action: This patch has a couple of interesting fixes for Android - although the actively exploited one needs physical access to the device. It's wise to apply the Android patch as soon as your vendor releases an update for your phone. Depending on the vendor you might wait for some weeks/months before the update is released for your phone.

Learn More

The Android Security Bulletin for August 2024, fixes multiple security vulnerabilities impacting Android devices. Source code patches for these vulnerabilities will be made available in the Android Open Source Project (AOSP) repository within the next 48 hours, and the bulletin will be updated with AOSP links once released.

Vulnerabilities to pay attention to

CVE-2024-36971 (CVSS score 7.8): A high-severity remote code execution (RCE) vulnerability in the Kernel component, potentially under limited, targeted exploitation.
CVE-2024-23350: Critical vulnerability in a closed-source component of Quallcom chipset

Detailed Vulnerability Breakdown

Framework Vulnerabilities

CVE-2023-20971: Elevation of Privilege (EoP) affecting Android versions 12, 12L, 13, 14.
CVE-2023-21351: EoP affecting Android versions 12, 12L, 13.
CVE-2024-34731: EoP affecting Android versions 12, 12L, 13, 14.
CVE-2024-34734: EoP affecting Android versions 13, 14.
CVE-2024-34735: EoP affecting Android versions 12, 12L, 13.
CVE-2024-34737: EoP affecting Android versions 12, 12L, 13, 14.
CVE-2024-34738: EoP affecting Android versions 13, 14.
CVE-2024-34739: EoP affecting Android versions 12, 12L, 13, 14.
CVE-2024-34740: EoP affecting Android versions 12, 12L, 13, 14.
CVE-2024-34741: EoP affecting Android versions 12, 12L, 13, 14.
CVE-2024-34743: EoP affecting Android version 14.
CVE-2024-34736: Information Disclosure (ID) affecting Android versions 12, 12L, 13, 14.
CVE-2024-34742: Denial of Service (DoS) affecting Android version 14.

System Vulnerabilities

CVE-2024-34727: ID vulnerability affecting Android versions 12, 12L, 13, 14.

Kernel Vulnerabilities

CVE-2024-36971: RCE vulnerability affecting the kernel, potentially under targeted exploitation.

Other Component Vulnerabilities

Arm Components:
- CVE-2024-2937: High-severity vulnerability in Mali.
- CVE-2024-4607: High-severity vulnerability in Mali.
Imagination Technologies:
- CVE-2024-31333: High-severity vulnerability in PowerVR-GPU.
MediaTek Components:
- CVE-2024-20082: High-severity vulnerability in Modem.
Qualcomm Components:
- Multiple high-severity vulnerabilities affecting Display and WLAN components.

Android users should update their devices to the latest security patch level to mitigate these vulnerabilities. Users can check their device's security patch level and update it through their settings.

Google releases Android August patches, fixes at least one exploited flaw

Read More
North Korean hackers exploit flaw in Microsoft Edge …
Google releases one more urgent Chrome update
Instagram API exposure leaks 17.5 million user records
Mozilla patches critical Firefox sandbox escape flaw on …
Two high severity faws reported in Foxit PDF …