Google fixed an Android critical remote code execution flaw
February 06, 2024
Google released Android ’s February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue.
Google released Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution flaw tracked as CVE-2024-0031.
The vulnerability resides in the System and impacts Android Open Source Project (AOSP) versions 11, 12, 12L, 13, and 14.
“Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.” reads the advisory published by Google. “The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed.”
Google released Android’s 2024-02-01 security patch level and Android’s 2024-02-05 security patch level to fix the issues.
The company released two security patch levels to allow partners to resolve a subset of vulnerabilities. However, the company recommends Android partners to address all the issues included in the bulletin.
Users should apply the security patches as soon as the software updates are available for them.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, Google)