Google releases Android monthly patch, including fix for a critical remote code execution flaw

published: Feb. 6, 2024

Take action: Maybe not the most urgent patch level, but still wise to apply as soon as your vendor releases an update for your phone. Depending on the vendor you might wait for some weeks before the update is released for your phone.

Learn More

Google has released the February 2024 patch for Android operating system with fixes of 46 vulnerabilities.

One of the vulnerabilities is classified as critical, tracked as CVE-2024-0031, was found to affect the System component of the Android Open Source Project (AOSP) versions 11 through 14. It allows attackers to execute malicious code on a victim's device remotely without requiring any additional permissions, presenting a considerable risk to millions of Android users worldwide.

To mitigate these vulnerabilities, Google released two security patch releases in February 2024: the 2024-02-01 and 2024-02-05 patches. These updates are designed to address a spectrum of issues, with the initial patch focusing on 15 vulnerabilities across core Android components, including the Framework and System, and the latter patch targeting defects in third-party vendor components from major manufacturers like Arm, MediaTek, Unisoc, and Qualcomm.

Besides the critical CVE-2024-0031 RCE vulnerability, the updates also fixed various high-severity issues, such as escalation of privilege, information disclosure, and denial of service problems.

Google's is withholding detailed information about the vulnerabilities to prevent active exploitation and gives users globally ample time to secure their devices. Android users are strongly encouraged to apply these critical updates by navigating to Settings → System → System Update on their devices to check for and install the latest security patches.

Google releases Android monthly patch, including fix for a critical remote code execution flaw