Friday, November 22, 2024

Android 14 gets a proper sendoff with September’s security patches rolling out to Google Pixels now

Must read

Key Takeaways

  • What is likely the last Android 14 update for supported Pixels is rolling out with security patches and Wi-Fi improvements.
  • This update fixes a number of CVEs of critical severity and removes the dormant Verizon Store Demo app that was found to contain vulnerabilities.
  • An upcoming Android 15 update is on its way, with a release expected around the beginning of October 2024.



Android 15 is officially out of beta, but it’s apparently not yet up to Google’s standards for its Pixel lineup. So today, the company is releasing what will likely be the last Android 14 update for most of its devices, bringing the September 2024 security patches to every Google phone, tablet, and foldable, starting with the Pixel 6.

Google announced the new update on its Pixel product forums today, revealing that it has a build number of AP2A.240905.003 on most Pixels. The version is still based on Android 14 QPR3, which made its debut roughly three months ago as the June 2024 Pixel Feature Drop. Today’s update, however, is not a Feature Drop — but confusingly, it’s still worth noting that Google is separately rolling out a bundle of new Android features to all devices this week via app updates.



What’s new in this update?

Google’s release notes only mention two specific changes: Improvements to Wi-Fi performance on the Pixel 9 series, and the removal of a third-party APK on the previous Pixel models. That second one is likely Google removing Verizon’s Showcase.apk demo mode app that comes preinstalled on Pixels and was found in August to be vulnerable to a hypothetical attack.

The September 2024 update includes security patches and improvements for Pixel users – see below for details.

  • Fix to remove third party APK to address security vulnerability*[1]
  • Fix to improve wireless (Wi-Fi) stability and performance in certain conditions*[2]

——————————————————————————————————

Fixes are available for all supported Pixel devices unless otherwise indicated below. Some fixes may be carrier/region specific.

*[1] Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel Fold, Pixel Tablet

*[2] Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold


In addition to these Pixel-specific changes, this update also brings patches for vulnerabilities outlined in the September 2024 Android Security Bulletin. These are split into two sets of patches, one dated September 1 and the other September 5, with the first containing fixes for vulnerabilities in Android itself, and the second patching bugs in closed-source and vendor-specific components.

The September 1 set outlines fixes for three high-severity common vulnerabilities and exposures (CVEs) in the Android Framework, as well as another seven in the Android System. A separate CVE of unknown severity is also being patched through a concurrent Google Play system update that addresses a flaw with Remote Key Provisioning (CVE-2024-40659).


Since the September 5 patches deal with close-source components, it’s always difficult to say exactly which patches are making their way to Pixels. But a total of 23 more high-severity CVEs were addressed in this set, plus two additional critical-severity CVEs that dealt with proprietary Qualcomm components (CVE-2024-23358 and CVE-2024-23359).

Google maintains a separate Pixel-specific security bulletin and has now added September’s changes to the list. Here, in addition to the Verizon Demo Mode app’s removal, another high-severity vulnerability is mentioned (CVE-2024-44096). But more concerning are the four critical-severity CVEs listed (CVE-2024-44092, CVE-2024-44093, CVE-2024-44094, and CVE-2024-44095), dealing with problems in the LCS and LDFW subcomponents, two systems we were unable to find documentation for.


Google says this update will start rolling out today, though it may take a week or two to hit all eligible phones, depending on device and carrier. To see if you have it, head to Settings → System → Software updates → System update → Check for update on your Pixel.

When the dust settles, we’ll likely look back on this as the last Android 14 build for supported Pixels, considering Google’s Android 15 update is said to be on its way in the “coming weeks.” The latest rumors have it pegged for an October launch on Pixels, but a late-September rollout doesn’t seem to be completely out of the question.

Latest article