"Android’s March 2024 Update Patches Critical Vulnerabilities"

Android recently announced security updates that resolve 38 vulnerabilities, including two critical severity issues in the System component.  Impacting Android 12, 12L, 13, and 14, and tracked as CVE-2024-0039 and CVE-2024-23717, the two critical flaws could lead to remote code execution and elevation of privilege, respectively.  Google noted that the most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed.  Both flaws were addressed with the first part of Android's March 2024 security update, which arrives on devices as the "2024-03-01 security patch level" and resolves 11 other vulnerabilities.  The 11 bugs, eight uncovered in the Framework component and three in the System, have a "high" severity rating and could lead to elevation of privilege, information disclosure, or denial of service.  Google says that the second part of this month's Android update arrives on devices as the "2024-03-05 security patch level" and resolves a total of 25 vulnerabilities in AMLogic, Arm, MediaTek, and Qualcomm components.  Devices running a security patch level of 2024-03-05 are patched against all 38 security defects.

SecurityWeek reports: "Android’s March 2024 Update Patches Critical Vulnerabilities"