Update your Android: Google patches two zero-day vulnerabilities

Google has released patches for a number of high-severity vulnerabilities. In total, 51 vulnerabilities have been patched in November's updates, two of which are under limited, active exploitation by cybercriminals.

If your Android phone shows patch level 2024-11-05 or later, then the issues discussed below have been fixed. The updates have been made available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication; however, this doesn't always mean that the patches are available for all devices immediately.

You can find your device's Android version number, security update level, and Google Play system level in your Settings app. You'll get notifications when updates are available for you, but you can also check for them yourself.

For most phones it works like this: under About phone or About device you can tap on Software updates to check whether there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

Keeping your device as up to date as possible protects you from known vulnerabilities that have been fixed, and helps you stay safe.

Technical details

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs that look the most important are:

CVE-2024-43047: a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges. Use after free (UAF) is a vulnerability caused by incorrect use of dynamic memory during a program's operation. If, after freeing a memory location, a program doesn't clear the pointer to that memory, an attacker can use the error to manipulate the program. Qualcomm disclosed the vulnerability in October as a problem in its Digital Signal Processor (DSP) service. The vulnerability is flagged as under limited, targeted exploitation and could allow an attacker to escalate privileges on targeted devices.
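To make the use-after-free description concrete, here is an added example (not code from the article, from Android, or from Qualcomm) showing the dangling-pointer shape the paragraph describes next to the defensive fix it implies: clearing the caller's pointer at the moment the memory is released, and refusing to act on a cleared handle. The `session` structure and function names are invented for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical object whose lifetime is managed with malloc/free. */
struct session {
    char user[32];
    bool is_admin;
};

/* Allocate and initialise a session for the given user name. */
struct session *session_open(const char *user) {
    struct session *s = calloc(1, sizeof *s);
    if (s == NULL)
        return NULL;
    strncpy(s->user, user, sizeof s->user - 1);
    s->is_admin = false;
    return s;
}

/* Vulnerable shape: the memory is released but the caller's pointer is left
   pointing at it. Any later read of s->is_admin through that stale pointer is
   undefined behaviour and, on a real system, observes whatever the allocator
   has since placed in that chunk. Shown for contrast; not called by main(). */
void session_close_unsafe(struct session *s) {
    free(s);
}

/* Hardened shape: take the address of the caller's pointer so the function can
   scrub the object, free it, and clear the pointer in one step. */
void session_close(struct session **sp) {
    if (sp == NULL || *sp == NULL)
        return;                       /* idempotent: a second close is a no-op */
    memset(*sp, 0, sizeof **sp);      /* scrub before release */
    free(*sp);
    *sp = NULL;                       /* no dangling pointer remains in the caller */
}

/* Consumer that checks for a live session instead of trusting the pointer.
   Returns 1 for admin, 0 for non-admin, -1 when the session is closed. */
int session_is_admin(const struct session *s) {
    if (s == NULL)
        return -1;                    /* closed handle: refuse rather than read freed memory */
    return s->is_admin ? 1 : 0;
}

int main(void) {
    struct session *s = session_open("alice");
    printf("admin before close: %d\n", session_is_admin(s));
    session_close(&s);
    printf("admin after close:  %d\n", session_is_admin(s));   /* -1: refused */
    return 0;
}
```

Nulling the pointer only protects the one alias that was passed in; in kernel drivers the same object is often referenced from several places, which is why real fixes usually add reference counting or explicit ownership rules rather than a single null assignment. During development, a sanitizer such as ASan (or KASAN in the kernel) turns the stale read in `session_close_unsafe` into an immediate, diagnosable crash instead of silent corruption.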

CVE-2024-43093: a high-severity escalation of privilege vulnerability impacting the Android Framework and the Google Play system updates. This is the second vulnerability that's flagged as under limited, targeted exploitation.

CVE-2024-43091: a high-severity Remote Code Execution (RCE). By exploiting this vulnerability in the System component an attacker could remotely execute code on a device with no additional execution privileges needed.

CVE-2024-38408: the only vulnerability listed as critical in this update. The problem is described as a "cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions." LMP stands for Link Manager Protocol, which is a communication system used in Bluetooth technology to set up and manage connections between devices. The "start encryption command" is a specific instruction that tells Bluetooth devices to begin scrambling their communications. The issue was patched by Qualcomm, which published a long list of affected chipsets.

We don't just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.
