Google Addresses Critical Remote Code Execution Vulnerability in Android

February 6, 2024

Google has rolled out its February 2024 security patches for Android, addressing a total of 46 vulnerabilities. Among these vulnerabilities, a critical remote code execution flaw, identified as CVE-2024-0031, poses a significant risk. This flaw is found within the System component of the Android Open Source Project (AOSP) and affects versions 11, 12, 12L, 13, and 14.

Google's advisory states, “Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.” This highlights the company's commitment to transparency and its proactive approach to addressing security vulnerabilities.

The advisory further notes, “The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed.” This underlines the seriousness of the vulnerability, as it allows an attacker to execute arbitrary code remotely without requiring any additional permissions.

In response to these vulnerabilities, Google has released two security patch levels: Android’s 2024-02-01 and Android’s 2024-02-05. These patches are designed to allow Google's partners to address a subset of the vulnerabilities. However, Google strongly recommends its Android partners to address all the issues outlined in the bulletin in order to ensure comprehensive security.

Users are advised to apply the security patches as soon as they become available. Timely application of these patches is crucial in mitigating the risks associated with these vulnerabilities.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.