Small number of vulnerabilities patched in last Android security update of 2024 | CyberScoop<\/title> <meta name=\"description\" content=\"Google's latest Android Security Bulletin includes remote code execution risks and local privilege escalations affecting Android devices.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/android-security-update-december-2024\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Small number of vulnerabilities patched in last Android security update of 2024\"> <meta property=\"og:description\" content=\"Google's latest Android Security Bulletin includes remote code execution risks and local privilege escalations affecting Android devices.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/android-security-update-december-2024\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-12-02T21:14:41+00:00\"> <meta property=\"article:modified_time\" content=\"2024-12-02T21:14:44+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg\"> <meta property=\"og:image:width\" content=\"3434\"> <meta property=\"og:image:height\" content=\"2123\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1732206022g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1730999764g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1732010462g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ddc036fa194c40cf406f\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82772\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82772\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fandroid-security-update-december-2024%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fandroid-security-update-december-2024%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82772 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/android-security-update-december-2024\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.38418079096\">\n<div class=\"single-article__header-content\" readability=\"32.65243902439\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/android-security-update-december-2024\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> None of the patched bugs were considered critical. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/82772\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"396\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024.jpg?resize=640%2C396&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg 3434w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg?resize=300,185 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg?resize=768,475 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg?resize=1024,633 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg?resize=1536,950 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg?resize=2048,1266 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg?resize=600,371 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg?resize=272,168 272w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg?resize=545,337 545w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg?resize=1092,675 1092w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-2.jpg?resize=1364,843 1364w\" sizes=\"(max-width: 1092px) 100vw, 1092px\"><figcaption> (Scott Ackerman \/ Flickr) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"16.298715677591\"><body readability=\"32.567172897196\"><\/p>\n<p>Google on Monday released its <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2024-12-01\">December 2024 Android Security Bulletin<\/a>, detailing a range of security vulnerabilities affecting various components across Android devices, with some potentially allowing remote code execution and local escalation of privileges.<\/p>\n<p>The bulletin\u2019s most critical concern centers on vulnerabilities within the system components, which allow developers to build applications with specific functionalities within the Android ecosystem. One particular vulnerability, CVE-2024-43767, allows for remote code execution. The company states that the vulnerability does not require additional execution privileges for a malicious actor to exploit it. Google rated the bug as a \u201chigh\u201d severity bug, but it has yet to have a CVE entry in NIST\u2019s <a href=\"https:\/\/cyberscoop.com\/tag\/national-vulnerability-database\/\">National Vulnerability Database<\/a> (NVD).<\/p>\n<p>Google has ensured that its Android partners were alerted to these issues well in advance, providing a window for necessary adjustments ahead of the patches\u2019 public release. Source code patches for these vulnerabilities have been integrated into the <a href=\"https:\/\/source.android.com\/\">Android Open Source Project (AOSP) repository<\/a>, with further details and patches to be made accessible from Android partners like MediaTek and Qualcomm. <\/p>\n<p>This month\u2019s bulletin also lists several vulnerabilities that impact components specific to Imagination Technologies, MediaTek, and Qualcomm, with severity levels classified as high.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Beyond system components, the bulletin details vulnerabilities in frameworks that could enable local privilege escalation without additional execution privileges. These are identified by distinct CVE references and affect various Android versions from 12 to 15. <\/p>\n<p>You can read the full bulletin <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2024-12-01\">here<\/a>. <\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.202752293578\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/android-security-update-december-2024\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Small number of vulnerabilities patched in last Android security update<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2491,78,387,3158,3036,310],"tags":[2493,86,391,3160,3038,311],"class_list":["post-6456","post","type-post","status-publish","format-standard","hentry","category-android","category-cybersecurity","category-google","category-mobile-security","category-qualcomm","category-technology","tag-android","tag-cybersecurity","tag-google","tag-mobile-security","tag-qualcomm","tag-technology"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/android\/\" rel=\"category tag\">Android<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mobile-security\/\" rel=\"category tag\">mobile security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/qualcomm\/\" rel=\"category tag\">Qualcomm<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a>","tag_info":"Technology","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6456","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6456"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6456\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":6456,"date":"2024-12-02T15:14:41","date_gmt":"2024-12-02T21:14:41","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82772"},"modified":"2024-12-02T15:14:41","modified_gmt":"2024-12-02T21:14:41","slug":"small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/12\/02\/small-number-of-vulnerabilities-patched-in-last-android-security-update-of-2024\/","title":{"rendered":"Small number of vulnerabilities patched in last Android security update of 2024"},"content":{"rendered":"