Stratos Ally

Google August Security Patch: Critical Vulnerability in Android Exposed 

StratosAlly

Google has released its August security patch for Android, which fixes 46 bugs. One stands out as especially dangerous: CVE-2024-36971, a high-risk flaw in Android’s networking stack that scores 7.8 out of 10 on the CVSS scale. The bug could let attackers achieve remote code execution (RCE) and take over affected devices. Google’s Threat Analysis Group (TAG), which tracks state-backed hackers and spyware companies, says spyware operators are using this bug. This fits with TAG’s history of finding zero-day bugs used by spyware vendors such as NSO Group and Intellexa.

Besides CVE-2024-36971, Google’s August update fixes other major problems. One is CVE-2024-23350, a serious flaw in a Qualcomm multi-mode call processor. This bug could cause a permanent denial of service (DoS) and could make the device unstable.

The update also fixes 11 serious elevation-of-privilege bugs in the Android Framework. These flaws pose a big risk because attackers can exploit them without needing extra permissions, making them easy targets.

The August update comes in two parts: the 2024-08-01 patch level, which addresses Android-specific problems, and the 2024-08-05 patch level, which includes fixes for components from other companies such as Arm, Imagination Technologies, MediaTek, and Qualcomm. Together, these updates cover both the weaknesses in the Android framework and those affecting other key components.

As usual, users should update their Android devices to guard against these and other weaknesses. For now, the priority is applying the fixes Google listed in its newest security update to keep devices safe and secure.
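To check devices against the two patch levels described above, the following script (an added example, not from Google or the article) classifies a reported patch-level string and lists devices in an inventory that still lack the August fixes. It assumes the 2024-08-05 level includes everything in 2024-08-01, that the value comes from `adb shell getprop ro.build.version.security_patch`, and that the inventory format and sample serials are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Android security patch levels against the two
# August 2024 levels (2024-08-01 and 2024-08-05) named in the article.
# On a live device the level string can be read with:
#   adb shell getprop ro.build.version.security_patch

# Print "full", "partial", "unpatched" or "invalid" for a YYYY-MM-DD level.
classify_patch_level() {
    level=$1
    # Reject anything that is not a well-formed date string.
    case "$level" in
        2[0-9][0-9][0-9]-[0-1][0-9]-[0-3][0-9]) ;;
        *) echo "invalid"; return 0 ;;
    esac
    # ISO dates compare correctly as integers once the dashes are removed.
    n=$(printf '%s' "$level" | tr -d '-')
    if [ "$n" -ge 20240805 ]; then
        echo "full"       # both August levels applied
    elif [ "$n" -ge 20240801 ]; then
        echo "partial"    # 2024-08-01 only; third-party component fixes missing
    else
        echo "unpatched"  # predates the August update
    fi
}

# Read "serial patch-level" lines on stdin and print every device that is
# not at the full August level, with the reason.
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = "full" ] || printf '%s %s %s\n' "$serial" "$level" "$status"
    done
}

# Constructed sample inventory (serials and levels are made up).
SAMPLE_INVENTORY='emulator-5554 2024-08-05
R58M000AAAA 2024-08-01
ZY22000BBBB 2024-07-05
HT00000CCCC unknown'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Devices reported as `invalid` returned no usable patch-level string and need a manual check.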
