The critical bug, tracked as CVE-2024-31320, impacts Android versions 12 and 12L and allows an attacker to escalate privileges on a vulnerable device.

“The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google explains in an advisory.

The security defect was addressed as part of the 2024-07-01 security patch level, which also addresses seven other high-severity issues, including three escalation of privilege bugs in Framework, three escalation of privilege vulnerabilities in System, and one information disclosure flaw in System.