Android vulnerability used in targeted attacks patched by Google

Google has released patches for 46 vulnerabilities in Android, including a remote code execution (RCE) vulnerability that it says has been used in limited, targeted attacks.

You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for updates.

If your Android phone is at patch level 2024-08-01 or later then the issues discussed below have been fixed. The updates have been made available for Android 12, 12L, 13, and 14. Android partners, such as Samsung, Sony, and many others, are notified of all issues at least a month before publication; however, this doesn’t always mean that the patches are available for devices from all vendors.

For most Android devices, you can check for new updates like this: Under About phone or About device you can tap on Software updates, although there may be slight differences based on the brand, type, and Android version.
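
When more than one device has to be checked, the patch-level threshold stated above can be tested in a script. The following is an added example, not part of the original article: the device names and inventory are constructed, and reading the value with `adb shell getprop ro.build.version.security_patch` assumes adb access to the device.

```shell
#!/bin/sh
# Added example: triage Android security patch levels against the
# threshold the article states. Not from the original article.
# On a real device the value can be read with:
#   adb shell getprop ro.build.version.security_patch
# (assumes adb access to the device).

REQUIRED_LEVEL="2024-08-01"   # patch level named in the article

# Exit status: 0 = at or after REQUIRED_LEVEL, 1 = older,
# 2 = missing or not in YYYY-MM-DD form.
check_patch_level() {
    level=$1
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # Drop the dashes so both dates compare as plain integers.
    have=$(printf '%s' "$level" | tr -d '-')
    need=$(printf '%s' "$REQUIRED_LEVEL" | tr -d '-')
    [ "$have" -ge "$need" ]
}

# Read "device-id patch-level" lines on stdin, print one verdict each.
triage_inventory() {
    while read -r device level; do
        [ -n "$device" ] || continue
        rc=0
        check_patch_level "$level" || rc=$?
        case $rc in
            0) echo "$device PATCHED" ;;
            1) echo "$device NEEDS_UPDATE" ;;
            *) echo "$device UNKNOWN" ;;
        esac
    done
}

# Constructed sample inventory (device names are made up).
SAMPLE_INVENTORY='phone-a 2024-08-05
phone-b 2024-07-05
tablet-c 2024-08-01
kiosk-d
phone-e 2024/08/01'

printf '%s\n' "$SAMPLE_INVENTORY" | triage_inventory
```

Devices reported as `UNKNOWN` returned no value or a malformed one and should be checked by hand in the Settings app rather than assumed patched.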

Technical details

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The actively exploited vulnerability is listed as:

CVE-2024-36971 is a use after free (UAF) vulnerability in the Linux kernel. The vulnerability could lead to remote code execution with System execution privileges needed.

This Linux kernel vulnerability affects the Android OS because the Android kernel is based on an upstream Linux Long Term Supported (LTS) kernel. This kernel is like the engine of the operating system, managing the hardware and basic functions.

The Android kernel is based on a version of the Linux kernel, which is a popular core for many operating systems. Specifically, Android uses a version of the Linux kernel that is designated as “Long Term Supported” (LTS). This means it’s a version that gets updates and fixes for a longer period than regular versions, ensuring it stays secure and stable over time.

UAF is a type of vulnerability that happens when a program incorrectly handles its memory. When a program frees up a piece of memory but still tries to use it afterward, an attacker can exploit this error. This can cause the program to crash, behave unpredictably, or even run harmful code. In this case it allows the attacker to remotely execute code on the device if they have sufficient privileges.

Attackers would need to gain the needed privileges to use this vulnerability by combining it with other vulnerabilities.

