Google has rolled out updates for Android versions 12, 12L, 13, and 14 as part of the July security patch. These updates address several privilege escalation vulnerabilities.
The updates released for the July patchday cover the smartphone and tablet operating system Android. Critical security gaps have been identified across all currently supported Android versions, specifically 12, 12L, 13, and 14.
According to the descriptions, all vulnerabilities in the Android components allow attackers to elevate their local privileges. The security issues affect the Framework and System components. In the Framework, there are four vulnerabilities, one of which exclusively impacts Android 12 and 12L and is classified as a critical risk. The remaining vulnerabilities are rated as “high” threats, along with four vulnerabilities in the System component. These are addressed by the patch level 01.07.2024. Additionally, there are two vulnerabilities that are fixed through Google Play system updates.
Additional Vulnerabilities
For devices that manufacturers update to patch level 05.07.2024, there are security fixes in the kernel for a high-risk vulnerability. These updates also address two high-risk vulnerabilities within ARM processors, five in the software for PowerVR GPUs by Imagine Technologies, two in widely used Mediatek chips, and four more in Qualcomm components. Furthermore, there are updates for Qualcomm closed-source software that fix one critical and four high-risk security vulnerabilities.
As always, smartphone users will need to wait for the Android updates to become available as firmware updates for their specific devices. Even Google’s own Pixel smartphones had not received the July update at the time of the announcement. However, for devices still supported by their manufacturers, updated firmware packages should be distributed shortly.