Cyber Security News

Google Patches Actively Exploited Android 0-day Privilege Escalation Vulnerability

Google has released a patch addressing a critical zero-day vulnerability that has been actively exploited.

This vulnerability, CVE-2024-32896, is a privilege escalation flaw within the Android Framework component.

The patch, part of the Android Security Bulletin for September 2024, underscores Google’s commitment to protecting its users from potential threats.

Details of the Vulnerability

The most severe issue in the September 2024 security bulletin is a high-severity vulnerability in the Android Framework.

This flaw allows for local escalation of privilege without requiring additional execution privileges.

The severity of the vulnerability is determined by its potential impact on affected devices, particularly if platform and service mitigations are disabled or bypassed.

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!

Table: Key Vulnerabilities in the September 2024 Security Bulletin

CVE IDReferencesTypeSeverityUpdated AOSP Versions
CVE-2024-32896A-324321147EoPHigh12, 12L, 13, 14
CVE-2024-40658A-329641908EoPHigh12, 12L, 13, 14
CVE-2024-40662A-261721900EoPHigh12, 12L, 13, 14

System Vulnerabilities

In addition to the Framework vulnerability, several other high-severity vulnerabilities have been identified in the System component.

These, too, could lead to local escalation of privilege. The vulnerabilities affect multiple Android versions, ensuring that this update protects a wide range of devices.

Table: System Vulnerabilities

CVE IDReferencesTypeSeverityUpdated AOSP Versions
CVE-2024-40650A-293199910EoPHigh12, 12L, 13, 14
CVE-2024-40652A-327749022EoPHigh12, 12L, 13, 14
CVE-2024-40654A-333364513EoPHigh12, 12L, 13, 14
CVE-2024-40655A-300904123EoPHigh12, 12L, 13, 14
CVE-2024-40657A-341886134EoPHigh12, 12L, 13, 14

Google has emphasized the importance of updating to the latest version of Android to benefit from enhanced security features.

The Android security platform and Google Play Protect provide robust protections, reducing the likelihood of successful exploitation.

Google Play Protect, enabled by default on devices with Google Mobile Services, is crucial in monitoring and warning users about potentially harmful applications.

Additional Vulnerabilities

The bulletin also addresses vulnerabilities in other components, including the kernel, Arm, Imagination Technologies, Unisoc, and Qualcomm.

These vulnerabilities range from high to critical severity and affect various subcomponents such as WLAN, display, and camera.

Table: Qualcomm Component Vulnerabilities

CVE IDReferencesSeveritySubcomponent
CVE-2024-33042A-344620519CriticalWLAN
CVE-2024-33052A-344620630CriticalWLAN
CVE-2024-33034A-350500940HighDisplay
CVE-2024-33038A-344620773HighCamera

Google’s latest security patch reflects its ongoing efforts to safeguard Android users against emerging threats.

Users are strongly encouraged to update their devices to the latest security patch level, 2024-09-05 or later, to ensure protection against these vulnerabilities.

As always, staying informed and proactive about security updates is crucial in maintaining device safety and integrity.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Threat Actors Exploiting AES Encryption for Stealthy Payload Protection

Cybersecurity researchers have uncovered a surge in the use of Advanced Encryption Standard (AES) encryption…

11 hours ago

33.3 Million Cyber Attacks Targeted Mobile Devices in 2024 as Threats Surge

Kaspersky's latest report on mobile malware evolution in 2024 reveals a significant increase in cyber…

11 hours ago

Routers Under Attack as Scanning Attacks on IoT and Networks Surge to Record Highs

In a concerning trend, the frequency of scanning attacks targeting Internet of Things (IoT) devices…

11 hours ago

Google Launches Shielded Email to Keep Your Address Hidden from Apps

Google is rolling out a new privacy-focused feature called Shielded Email, designed to prevent apps and…

16 hours ago

Hackers Using PowerShell and Microsoft Legitimate Apps to Deploy Malware

Cybersecurity experts are warning of an increasing trend in fileless attacks, where hackers leverage PowerShell…

18 hours ago

JavaGhost: Exploiting Amazon IAM Permissions for Phishing Attacks

Unit 42 researchers have observed a threat actor group known as JavaGhost exploiting misconfigurations in…

18 hours ago