When it’s not Chrome, it’s Android. Google has just released its September security update, and given the critical nature of the patches included, it’s highly recommended to install it as soon as possible.
For years now, Google has adhered to a monthly routine: releasing security updates at the beginning of each month to address vulnerabilities before they can be exploited. However, this time, the changelog brought an unwelcome surprise: one of the 34 vulnerabilities patched in this update is a high-severity CVE.
An Actively Exploited Vulnerability
The vulnerability, labeled CVE-2024-32896, has a CVSS score of 7.8 according to the NIST classification. It allows hackers to exploit a logical error in the OS code to bypass certain security barriers on Android and gain elevated privileges without requiring additional permissions. This type of vulnerability is not new, but the current security risk is significant because it was already detected and patched on Google Pixel devices last June.
Since then, three months have passed without other smartphone manufacturers providing a patch for their devices. As a result, this vulnerability, which has been known to the public since early summer, has been actively exploited.
Therefore, it is highly recommended to install the September patch, which covers Android versions 12, 12L, 13, and 14; earlier versions are no longer supported by Google. To do this, go to Settings > System > Software Updates > System Update. If the update doesn’t appear, you can manually search for it by selecting Check for Updates.
A Separate Patch for Google Pixel Devices
In addition to the actively exploited vulnerability, the September Android security patch addresses 33 other significant vulnerabilities, two of which are linked to Qualcomm components.
Simultaneously, Google has deployed a second patch exclusively for Pixel 6 and newer models running on Android 14. This patch addresses six vulnerabilities that could lead to privilege escalation attacks, all of which are assessed by NIST as critical security risks for the devices.
Another positive outcome of this security update is the resolution of the Showcase.apk issue. This undetectable application, developed by Smith Micro for Verizon, was designed to transform Google smartphones into demonstration devices in stores. Installed on all Pixel devices since 2017, Showcase.apk gained notoriety this summer when hackers exploited it to execute remote code and install malware on compromised devices. Google has been aware of the issue since May 2023, but remained vague regarding the deployment of a security patch.
Why It’s Crucial to Update Immediately
This new information underscores the importance of promptly installing security updates on all Android devices. Cyber threats evolve quickly, and every day that passes without patching vulnerabilities like CVE-2024-32896 increases the risk of exploitation by malicious actors. Users are encouraged to be proactive about their device’s security by staying informed about the latest updates and applying them as soon as they become available.
For Pixel owners, the additional patches for Android 14 make it even more critical to keep devices updated to avoid potential attacks that target known vulnerabilities. Google’s commitment to security through regular updates shows the company’s effort to protect its users, but it also requires action from the users themselves.
How to Ensure Your Device is Secure
To protect your device, follow these steps:
- Check for Updates Regularly: Go to Settings > System > Software Updates > Check for Updates.
- Install Updates Promptly: Don’t delay in installing any available updates to ensure that your device is protected against the latest threats.
- Stay Informed: Follow official channels like Google’s blog or trusted tech news sites to stay up-to-date on the latest security updates.
By taking these steps, you can significantly reduce the risk of falling victim to exploits targeting known vulnerabilities. Remember, cybersecurity starts with you, and staying updated is a simple but crucial step in safeguarding your personal information.
Source: Bleeping Computer