Android’s July 2024 Security Update: 27 vulnerabilities Patched

The Android Safety Bulletin well-known aspects security vulnerabilities affecting Android devices, where devices with security patch ranges of 2024-07-05 or later address these considerations, whereas Android companions are notified of vulnerabilities in design and source code patches are launched.

There is a major security hole within the Framework component that might perchance well perchance let somebody attach extra rights within the community, assuming that security measures are both became off for attempting out purposes or are not feeble in any admire.

The Android security platform and Google Play Protect work collectively to mitigate security vulnerabilities on Android devices, and more moderen Android variations earn it more sturdy to make the most of these vulnerabilities.

Customers might perchance well comprise to update to basically the most stylish Android model every time conceivable, as Google Play Protect actively identifies and warns customers about potentially corrupt applications, seriously for customers installing apps from outdoors the unswerving Google Play retailer.

Essentially the most stylish security bulletin well-known aspects vulnerabilities patched on July 1st, 2024, classified by affected parts (Framework, Machine, and a great deal of others.) with recordsdata love CVE ID, severity, and fastened variations.

The Android security bulletin studies main Elevation of Privilege (EoP) vulnerabilities within the Framework and Machine parts affecting diversified Android variations, which can perchance well perchance allow attackers to attach unauthorized take care of an eye on of a application without wanting extra privileges.

A excessive-severity Information Disclosure (ID) vulnerability exists within the MediaProvider component, potentially exposing sensitive recordsdata that is delivered by Google Play arrangement updates.

The Android security bulletin for July 5th, 2024 (patch level 2024-07-05) addresses a major vulnerability (CVE-2024-26923) within the kernel that might perchance well perchance allow an attacker to escalate privileges to a native administrator without wanting extra permissions.

Two excessive-severity vulnerabilities (CVE-2024-0153 and CVE-2024-4610) were identified in Mali, an Arm component, and extra well-known aspects and severity assessments for the Mali vulnerabilities will seemingly be stumbled on staunch now from Arm.

Imagination Applied sciences (Imagination) identified a lot of excessive-severity vulnerabilities (CVE-2024-31334, CVE-2024-31335, CVE-2024-34724, CVE-2024-34725, and CVE-2024-34726) affecting their PowerVR GPUs.

Most well-known aspects and severity assessments are on hand from Imagination, and MediaTek reported main vulnerabilities (CVE-2024-20076, CVE-2024-20077) of their modem parts.

The file well-known aspects a lot of excessive-severity vulnerabilities affecting Qualcomm parts.

The vulnerabilities reside within the kernel, demonstrate, and unidentified closed-source parts.

Amongst the particular vulnerabilities which were identified are CVE-2024-23368 (Kernel), CVE-2024-23372, CVE-2024-23373, and CVE-2024-23380 (all Display conceal).

The closed-source component vulnerabilities consist of CVE-2024-21461 (main), CVE-2024-21460, CVE-2024-21462, CVE-2024-21465, and CVE-2024-21469 (all excessive-severity).