Android’s July 2024 Security Patches Fix Critical Vulnerability

On Monday, Google released the July 2024 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the Framework component.

A total of 27 vulnerabilities were patched with the release, split into two parts: 8 received fixes as part of the 2024-07-01 security patch level, and 19 were addressed with the 2024-07-05 security patch level.

Tracked as CVE-2024-31320, the most important of these vulnerabilities resides in the Framework component and was found to impact Android 12 and Android 12L.

“The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed,” Google notes in its advisory.

The issue was addressed as part of the 2024-07-01 security patch level, along with seven other System bugs: three high-severity elevations of privilege flaws.

The remaining 4 vulnerabilities fixed with the 2024-07-01 security patch level include 4 bugs in the Android System, including 3 high severity elevations of privilege flaws and a high-severity information disclosure.

The 2024-07-05 security patch level addresses a vulnerability in Kernel components (high severity elevation of privilege), 4 bugs in Arm components, 5 flaws in Imagination Technologies components (high severity), 2 bugs in MediaTek components, 4 flaws in Qualcomm components and 5 issues in Qualcomm closed-source components (one critical, four high severity).