Google releases Android May patches, one critical issue patched
Take action: Not the most urgent patch release for Android. There are a lot of patches, but most have complex exploit scenarios. It's still wise to apply the Android patch as soon as your vendor releases an update for your phone. Depending on the vendor, you might wait some weeks before the update is released for your phone.
Google has released the Android May patches fixing multiple vulnerabilities of the Android operating system and supporting components. The most severe vulnerability, tracked as CVE-2024-23706 (CVSS score 7.8), impacts only Android 14 and is considered critical. This vulnerability allows for local escalation of privileges without the need for additional execution privileges, potentially allowing attackers to gain deeper access to the system.
Google has also patched several other high-risk vulnerabilities in the Android framework: CVE-2024-0024, CVE-2024-0025, CVE-2024-23705, CVE-2024-23708, CVE-2024-0043, CVE-2024-23707, and CVE-2024-23709, all allowing similar privilege escalation and affecting Android 12-14.
Additional vulnerabilities have been addressed in the Android kernel and components provided by ARM, MediaTek, and Qualcomm. These include high-risk vulnerabilities affecting various subsystems like the Mali GPU in ARM components, and multiple high-risk vulnerabilities in MediaTek and Qualcomm components, specifically affecting the display and video handling capabilities.
The security patches were distributed in two main patch levels dated May 1, 2024, and May 5, 2024. The first patch level addresses vulnerabilities directly in the Android system and the framework, while the second patch level includes updates to the kernel and component-specific vulnerabilities from ARM, MediaTek, and Qualcomm.
Devices running Android 10 and later may receive these updates as mobile phone vendors include them in their device-specific releases.
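To see where a device or fleet stands against the two patch levels, the following added example (not from Google or the original article) classifies the value of `ro.build.version.security_patch` reported by each device. The status labels and the sample inventory are constructed, and it assumes the CVE-2024-23706 fix ships in the 2024-05-01 level.

```shell
#!/bin/sh
# Added example. Cut-off dates are the two May 2024 patch levels named above;
# status labels and the inventory lines are constructed for illustration.

# patch_status LEVEL RELEASE
#   LEVEL:   ro.build.version.security_patch, formatted YYYY-MM-DD
#   RELEASE: ro.build.version.release, e.g. 14
patch_status() {
    level=$1
    release=$2
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;   # missing or malformed property
    esac
    n=$(printf '%s' "$level" | tr -d '-')   # 2024-05-01 -> 20240501
    if [ "$n" -ge 20240505 ]; then
        echo complete            # framework/system + kernel/vendor fixes
    elif [ "$n" -ge 20240501 ]; then
        echo partial             # framework/system only
    elif [ "${release%%.*}" = 14 ]; then
        echo missing-critical    # assumed to lack the CVE-2024-23706 fix
    else
        echo missing
    fi
}

# device_status SERIAL: query one attached device over adb.
device_status() {
    lvl=$(adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r')
    rel=$(adb -s "$1" shell getprop ro.build.version.release | tr -d '\r')
    patch_status "$lvl" "$rel"
}

# audit_inventory: stdin lines "SERIAL RELEASE LEVEL" -> "SERIAL STATUS".
audit_inventory() {
    while read -r serial release level; do
        [ -n "$serial" ] || continue
        printf '%s %s\n' "$serial" "$(patch_status "$level" "$release")"
    done
}

# Constructed sample inventory (not real devices).
sample_inventory() {
    printf '%s\n' 'dev-a 14 2024-05-05' 'dev-b 13 2024-05-01' \
        'dev-c 14 2024-04-05' 'dev-d 12 2024-03-01' 'dev-e 11 n/a'
}

sample_inventory | audit_inventory
```

A `partial` result means the vendor build declares the 2024-05-01 level only, so the kernel and ARM, MediaTek and Qualcomm component fixes from the 2024-05-05 level are not yet claimed for that device.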