SecurityWeek

Google Patches Android Zero-Day Exploited in Targeted Attacks

Google has patched CVE-2024-36971, a high-severity kernel zero-day vulnerability in Android that has been exploited in targeted attacks. 

Google on Monday announced its August 2024 security patches for Android and the list includes a zero-day vulnerability that appears to have been exploited in targeted attacks.

The zero-day, tracked as CVE-2024-36971, has been described as a high-severity issue in the kernel that can be exploited for remote code execution with “System execution privileges needed”.

“There are indications that CVE-2024-36971 may be under limited, targeted exploitation,” Google noted in its advisory.

According to previous advisories from the Linux community, CVE-2024-36971 is a kernel vulnerability that can lead to a use-after-free condition. 

No information has been shared on attacks exploiting CVE-2024-36971, but it’s worth noting that it was discovered by Google’s Clément Lecigne, who is often credited with finding vulnerabilities exploited by commercial spyware vendors.

The latest Android updates patch more than 40 other vulnerabilities, a majority of which have been assigned a ‘high severity’ rating. 

Roughly a dozen flaws have been patched in the ‘framework’ component, including bugs that can be exploited for privilege escalation, information disclosure, and DoS attacks. One information disclosure issue has been fixed in the ‘system’ component. 

A handful of vulnerabilities have been addressed in Arm, Imagination Technologies, and MediaTek components.

Qualcomm component updates patch 27 vulnerabilities, in the display, WLAN and other sub-components. One flaw has been assigned a ‘critical severity’ rating, allowing an attacker to cause a permanent DoS condition. 

Google also announced patches for Wear OS on Monday.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
