Google’s Android 15 is notable for its security and privacy upgrades, narrowing the gap to iPhone. These include real-time, on-device threat monitoring for malware and even scam calls that set a new bar for safeguarding our smartphones. Apple actually has some catching up to do here, as central security monitoring shifts to the edge.
Now, Google has released details of its last Android security update of 2024, which includes several Android 15 fixes, including a system vulnerability which “could lead to remote code execution with no additional execution privileges needed.”
While CVE-2024-43767 only carries a high-severity rating, we have seen such vulnerabilities escalate after their initial outings before, with active attack warnings following some time after initial bulletins.
That fix is the standout of December’s bulletin, albeit several more also affect Android 15 devices, which primarily means Pixels and a few models from other OEMs. But notably not Samsungs. Galaxy users have not even received their Android 15 beta as yet, with the company’s One UI 7 running well behind.
While Pixels will receive the full update regardless of whether they have upgraded to Android 15 or not, Google says that other Android partners “are notified of all issues at least a month before publication,” while assuring that exploiting CVE-2024-43767 requires that “platform and service mitigations are turned off for development purposes or successfully bypassed.” We won’t know that all fixes are included until the specific bulletins are published by each OEM over the coming days.
Again, it’s too early to say for sure whether there are any active exploitations as yet. Thus far at least, none have been found, which makes this update quieter than we have seen in recent months—a welcome relief.
In addition to Google’s own, the December update also includes a number of high-severity Qualcomm fixes. This update—at least for Android 14 down—will be wrapped into Samsung’s own December security release, albeit it’s entirely likely that chipset and other third-party fixes might be further delayed. We are yet to see confirmation that Qualcomm’s October zero-day has been fixed across the Galaxy range.
Pixel owners should see the update roll out to their devices shortly, based as ever on regions and carriers. Given the high-severity fixes, the advice is to update as soon as possible. And you can do that seamlessly—again, unlike your Samsung counterparts, at least until Samsung’s S25 launches early in 2025.
