Google Fixes Two Android Zero-Days Used in Targeted Attacks

Summary:
As part of the November security updates, Google addressed a total of 51 vulnerabilities, two of which are being actively exploited in the wild. The first flaw, tracked as CVE-2024-43093, is a high-severity privilege escalation vulnerability impacting the Android Framework component and Google Play system updates, specifically in the Documents UI. Successful exploitation could allow actors to gain access to certain Android directories. The flaw has been fixed by restricting access to the “Android/data,” “Android/obb,” and “Android/sandbox” directories and their sub-directories.

The second actively exploited vulnerability, which is being tracked as CVE-2024-43047, is a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel. Specifically, the flaw resides in the Digital Signal Processor service and can lead to memory corruption.

Security Officer Comments:
Both of these flaws have been described as being "under limited, targeted exploitation." Specific details about these intrusions have not been made public, likely to prevent malicious actors from using the information to launch additional attacks. However, similar to past incidents involving Android vulnerabilities, these new flaws could potentially serve as entry points for targeted spyware campaigns, which involve covertly monitoring compromised devices and extracting sensitive data of interest.

Suggested Corrections:
The security issues fixed this month impact Android versions between 12 and 15, with some being limited to specific versions of the mobile operating system. End users should ensure that their devices are up to date and on the latest version to prevent potential exploitation. To apply the latest update, head to Settings > System > Software updates > System update. Alternatively, go to Settings > Security & privacy > System & updates > Security update. A restart will be required to apply the update.

Link(s):
https://www.bleepingcomputer.com/ne...o-android-zero-days-used-in-targeted-attacks/