Google has released a patch addressing a critical zero-day vulnerability that has been actively exploited.
This vulnerability, CVE-2024-32896, is a privilege escalation flaw within the Android Framework component.
The patch, part of the Android Security Bulletin for September 2024, underscores Google’s commitment to protecting its users from potential threats.
The most severe issue in the September 2024 security bulletin is a high-severity vulnerability in the Android Framework.
This flaw allows for local escalation of privilege without requiring additional execution privileges.
The severity of the vulnerability is determined by its potential impact on affected devices, particularly if platform and service mitigations are disabled or bypassed.
What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!
Table: Key Vulnerabilities in the September 2024 Security Bulletin
| CVE ID | References | Type | Severity | Updated AOSP Versions |
| CVE-2024-32896 | A-324321147 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40658 | A-329641908 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40662 | A-261721900 | EoP | High | 12, 12L, 13, 14 |
In addition to the Framework vulnerability, several other high-severity vulnerabilities have been identified in the System component.
These, too, could lead to local escalation of privilege. The vulnerabilities affect multiple Android versions, ensuring that this update protects a wide range of devices.
Table: System Vulnerabilities
| CVE ID | References | Type | Severity | Updated AOSP Versions |
| CVE-2024-40650 | A-293199910 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40652 | A-327749022 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40654 | A-333364513 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40655 | A-300904123 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40657 | A-341886134 | EoP | High | 12, 12L, 13, 14 |
Google has emphasized the importance of updating to the latest version of Android to benefit from enhanced security features.
The Android security platform and Google Play Protect provide robust protections, reducing the likelihood of successful exploitation.
Google Play Protect, enabled by default on devices with Google Mobile Services, is crucial in monitoring and warning users about potentially harmful applications.
The bulletin also addresses vulnerabilities in other components, including the kernel, Arm, Imagination Technologies, Unisoc, and Qualcomm.
These vulnerabilities range from high to critical severity and affect various subcomponents such as WLAN, display, and camera.
Table: Qualcomm Component Vulnerabilities
| CVE ID | References | Severity | Subcomponent |
| CVE-2024-33042 | A-344620519 | Critical | WLAN |
| CVE-2024-33052 | A-344620630 | Critical | WLAN |
| CVE-2024-33034 | A-350500940 | High | Display |
| CVE-2024-33038 | A-344620773 | High | Camera |
Google’s latest security patch reflects its ongoing efforts to safeguard Android users against emerging threats.
Users are strongly encouraged to update their devices to the latest security patch level, 2024-09-05 or later, to ensure protection against these vulnerabilities.
As always, staying informed and proactive about security updates is crucial in maintaining device safety and integrity.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial
A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed…
Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria Stealer,"…
Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass,…
The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly sophisticated…
Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations designed…
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored…