Tuesday, December 3, 2024
Homecyber securityGoogle Patches Actively Exploited Android 0-day Privilege Escalation Vulnerability

Google Patches Actively Exploited Android 0-day Privilege Escalation Vulnerability

Published on

SIEM as a Service

Google has released a patch addressing a critical zero-day vulnerability that has been actively exploited.

This vulnerability, CVE-2024-32896, is a privilege escalation flaw within the Android Framework component.

The patch, part of the Android Security Bulletin for September 2024, underscores Google’s commitment to protecting its users from potential threats.

- Advertisement - SIEM as a Service

Details of the Vulnerability

The most severe issue in the September 2024 security bulletin is a high-severity vulnerability in the Android Framework.

This flaw allows for local escalation of privilege without requiring additional execution privileges.

The severity of the vulnerability is determined by its potential impact on affected devices, particularly if platform and service mitigations are disabled or bypassed.

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!

Table: Key Vulnerabilities in the September 2024 Security Bulletin

CVE IDReferencesTypeSeverityUpdated AOSP Versions
CVE-2024-32896A-324321147EoPHigh12, 12L, 13, 14
CVE-2024-40658A-329641908EoPHigh12, 12L, 13, 14
CVE-2024-40662A-261721900EoPHigh12, 12L, 13, 14

System Vulnerabilities

In addition to the Framework vulnerability, several other high-severity vulnerabilities have been identified in the System component.

These, too, could lead to local escalation of privilege. The vulnerabilities affect multiple Android versions, ensuring that this update protects a wide range of devices.

Table: System Vulnerabilities

CVE IDReferencesTypeSeverityUpdated AOSP Versions
CVE-2024-40650A-293199910EoPHigh12, 12L, 13, 14
CVE-2024-40652A-327749022EoPHigh12, 12L, 13, 14
CVE-2024-40654A-333364513EoPHigh12, 12L, 13, 14
CVE-2024-40655A-300904123EoPHigh12, 12L, 13, 14
CVE-2024-40657A-341886134EoPHigh12, 12L, 13, 14

Google has emphasized the importance of updating to the latest version of Android to benefit from enhanced security features.

The Android security platform and Google Play Protect provide robust protections, reducing the likelihood of successful exploitation.

Google Play Protect, enabled by default on devices with Google Mobile Services, is crucial in monitoring and warning users about potentially harmful applications.

Additional Vulnerabilities

The bulletin also addresses vulnerabilities in other components, including the kernel, Arm, Imagination Technologies, Unisoc, and Qualcomm.

These vulnerabilities range from high to critical severity and affect various subcomponents such as WLAN, display, and camera.

Table: Qualcomm Component Vulnerabilities

CVE IDReferencesSeveritySubcomponent
CVE-2024-33042A-344620519CriticalWLAN
CVE-2024-33052A-344620630CriticalWLAN
CVE-2024-33034A-350500940HighDisplay
CVE-2024-33038A-344620773HighCamera

Google’s latest security patch reflects its ongoing efforts to safeguard Android users against emerging threats.

Users are strongly encouraged to update their devices to the latest security patch level, 2024-09-05 or later, to ensure protection against these vulnerabilities.

As always, staying informed and proactive about security updates is crucial in maintaining device safety and integrity.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a...

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of...

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a...

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of...