Google has released patches for 62 vulnerabilities in its latest Android security update, including two high-severity zero-days exploited by attackers. The fixes address a privilege escalation vulnerability and an information disclosure vulnerability that allow local attackers to access sensitive data on vulnerable devices.
The new updates also patch 60 other security vulnerabilities, most of which are high-severity elevation-of-privilege flaws. Google has been working to fix these issues since January, sharing the patches with OEM partners before releasing them to the public.
One notable exploit chain, discovered by Amnesty International’s Security Lab in mid-2024, was used by Serbian authorities to unlock Android devices. Google previously fixed another zero-day (CVE-2024-43047) that was used in NoviSpy spyware attacks against activists, journalists, and protestors.
Google Pixel devices receive the updates immediately, while other vendors may take longer to test and fine-tune the patches for their specific hardware configurations.
Source: https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws