Saturday, December 7, 2024
HomeCVE/vulnerabilityGoogle Patched 40 Security Vulnerabilities Along With Two Zero-Days

Google Patched 40 Security Vulnerabilities Along With Two Zero-Days

Published on

SIEM as a Service

Google has released a batch of security updates addressing 40 vulnerabilities, two of which are critical zero-day exploits.

As reported in the November 2024 Android Security Bulletin, these updates are crucial for maintaining the integrity and safety of Android devices worldwide.

The November 5, 2024, security patch is designed to tackle a broad spectrum of vulnerabilities.

- Advertisement - SIEM as a Service

Users are encouraged to update their devices to this patch level or later to ensure protection against these threats.

Google has made it easy for users to check and update their Android version by following the instructions provided in the bulletin.

Build an in-house SOC or outsource SOC-as-a-Service -> Calculate Costs

Zero-Days Under Scrutiny

Two zero-day vulnerabilities, CVE-2024-43047 and CVE-2024-43093, have been identified as being under limited, targeted exploitation.

These vulnerabilities pose significant risks as attackers can exploit them to gain unauthorized access or execute malicious code.

The most severe vulnerability patched affects the System component, which could allow for remote code execution without the need for additional privileges.

This highlights the critical nature of the update, as such an exploit could have severe repercussions if left unaddressed.

Google’s Android security platform and Google Play Protect offer robust defenses against these vulnerabilities.

These protections are designed to reduce the likelihood of successful exploitation. Google Play Protect is vital for users who download apps outside the official Google Play Store. 

The Android security team actively monitors any abuse, ensuring that users are promptly alerted about potentially harmful applications. This vigilant approach underscores Google’s commitment to maintaining a secure user ecosystem.

As Android continues to evolve, enhancements in newer versions make exploiting vulnerabilities increasingly tricky.

Therefore, Google strongly encourages users to update to the latest Android version whenever possible. This practice provides the latest features and ensures users benefit from improved security measures.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...