Attackers can attack Android smartphones and tablets with malicious code, among other things, and thus compromise them. Security patches have now been released for Google's Pixel series, among others.
Advertisement
LG and Samsung also provide monthly updates for selected devices (see box). If you have a supported device, you should check the settings to see whether there is already a current patch level (2024-03-01 or 2024-03-05) is installed.
System gaps
In a warning message, Google classifies a “critical“Gap (CVE-2024-0039) in the system is considered the most dangerous. According to the manufacturer, attackers can use this to execute malicious code under Android 12, 12L, 13 and 14 without additional execution permissions. How such an attack could occur is still unclear.
By successfully exploiting another system vulnerability (CVE-2024-23717 “critical“), attackers can gain higher user rights. Information can leak about other vulnerabilities in the system.
Even more gaps
Other entry points for attackers can be errors in the framework. At this point, DoS attacks, among other things, are possible. In addition, components from manufacturers such as Arm and MediaTek are still vulnerable. This affects the bootloader, for example. The gaps are with the threat level “hoch” classified.
Google's Pixel series is getting some additional security updates this month. Among them are “critical” Malicious code holes in subcomponents such as the modem.
There are also security patches for Android Automotive, Pixel Watch and Wear.
In addition to Google, other manufacturers regularly publish security patches – but usually only for a few product series. Devices from other manufacturers receive the updates much later or, in the worst case, not at all.
(of the)