Google closes zero-day vulnerability in Android

Google has published the Android Security Bulletin for September. A total of 37 vulnerabilities are listed. These include two critical vulnerabilities – and a zero-day vulnerability that, according to the company, is already being exploited in targeted attacks.

The fix for the zero-day vulnerability is included in the September 1 security patch level. It is a bug that allows unauthorized escalation of user privileges and is Android Framework. Android 12, 12L, 13 and 14 are affected. Google is also plugging holes in the Android system.

The September 5 security patch level includes fixes for bugs in the kernel and components of ARMImagination, Unisoc and Qualcomm. The two critical vulnerabilities are in Qualcomm’s WLAN components.

Google has eliminated a further eight vulnerabilities in its Pixel devices. Here too, the main aim is to prevent unauthorized persons from gaining greater rights than those of the current user.

As always, Google’s Android partners were informed of the details of the vulnerabilities at least a month ago. The source code of the patches will also be made available to the Android Open Source Project shortly. Other device manufacturers will provide their patches in the coming days and weeks.

Samsung informs about 62 vulnerabilities in its security warning for September, including gaps at security patch level 5. August. The Samsung patch day also contains fixes for 18 vulnerabilities in Samsung’s own software. Android 12, 13 and 14 are also affected here.