Google has now released the Android update for November Patchday. Patch level 2024-11-01 closes a total of 17 high-risk vulnerabilities, as well as four vulnerabilities that are addressed by Google Play system updates. Patch level 2024-11-05 fixes a significant gap in Qualcomm closed source components, as well as 22 high-risk gaps in third-party drivers and components that come from the manufacturers of the used SoC.
Advertisement
developers of Google writes in security bulletin for Patch TuesdayThe most serious security gaps closed with the update are hidden in system components. This has high risk and could allow attackers to execute code from the network without additional execution rights. This patch level is of 2024-11-01. Google also closes seven security gaps in the framework, some of which affect all Android versions: 12, 12L, 13, 14, and 15. Programmers also plug a total of ten leaks in the system component. The four gaps fixed by the Google Play system update are among Project mainline components and affect the Document UI, Media Provider, Permission Controller, and WiFi module.
extended patch level
Patch level 2024-11-05 fixes other security bugs. The two high-risk leaks are in the kernel and affect the net and binder components. The LTS kernel, which is part of Android 12, has also been updated to versions 5.4.274 and 4.19.312. The new software also fixes security gaps in Imagination Technologies’ PowerVR GPUs, as well as MediaTek and Qualcomm components.
Manufacturers of processors and SoCs used in Android smartphones have also published their own security notices. Qualcomm lists security flaws Which will be discontinued with patch level 2024-11-05, but adds additional information such as affected processors. Samsung has a long line CVE vulnerability entries that were fixed in a Security Maintenance Release (SMR) in November. Furthermore, there is A list of MediaTek security vulnerabilities Which will close in November – only two of which are classified as high risk, many of which are classified as moderate risk.
It’s impossible to say when updates will arrive on individual smartphones. As a rule, flagship models from manufacturers receive monthly security updates in the first few months; Google leads the list of exemplary update providers. For example, at Samsung, there have been only quarterly updates for some time – whether this will change with the promise of up to seven years of updates for new models remains to be seen. However, since no-name providers typically only bring cheap smartphones to the market, buyers should not expect updates for them;
However, the November update for Google’s Pixel smartphones is not available at the time of reporting.
On October Patch Day, Google, among other things, repaired vulnerabilities in system components in Android that enabled smuggling of code from the Internet.
Besides Google, other manufacturers regularly publish security patches – but usually only for certain product lines. Devices from other manufacturers get the update much later or, in the worst case, not at all.
(DMK)
