Google has released a patch addressing a critical zero-day vulnerability that has been actively exploited.
This vulnerability, CVE-2024-32896, is a privilege escalation flaw within the Android Framework component.
The patch, part of the Android Security Bulletin for September 2024, underscores Google’s commitment to protecting its users from potential threats.
The most severe issue in the September 2024 security bulletin is a high-severity vulnerability in the Android Framework.
This flaw allows for local escalation of privilege without requiring additional execution privileges.
The severity of the vulnerability is determined by its potential impact on affected devices, particularly if platform and service mitigations are disabled or bypassed.
What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!
Table: Key Vulnerabilities in the September 2024 Security Bulletin
| CVE ID | References | Type | Severity | Updated AOSP Versions |
| CVE-2024-32896 | A-324321147 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40658 | A-329641908 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40662 | A-261721900 | EoP | High | 12, 12L, 13, 14 |
In addition to the Framework vulnerability, several other high-severity vulnerabilities have been identified in the System component.
These, too, could lead to local escalation of privilege. The vulnerabilities affect multiple Android versions, ensuring that this update protects a wide range of devices.
Table: System Vulnerabilities
| CVE ID | References | Type | Severity | Updated AOSP Versions |
| CVE-2024-40650 | A-293199910 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40652 | A-327749022 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40654 | A-333364513 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40655 | A-300904123 | EoP | High | 12, 12L, 13, 14 |
| CVE-2024-40657 | A-341886134 | EoP | High | 12, 12L, 13, 14 |
Google has emphasized the importance of updating to the latest version of Android to benefit from enhanced security features.
The Android security platform and Google Play Protect provide robust protections, reducing the likelihood of successful exploitation.
Google Play Protect, enabled by default on devices with Google Mobile Services, is crucial in monitoring and warning users about potentially harmful applications.
The bulletin also addresses vulnerabilities in other components, including the kernel, Arm, Imagination Technologies, Unisoc, and Qualcomm.
These vulnerabilities range from high to critical severity and affect various subcomponents such as WLAN, display, and camera.
Table: Qualcomm Component Vulnerabilities
| CVE ID | References | Severity | Subcomponent |
| CVE-2024-33042 | A-344620519 | Critical | WLAN |
| CVE-2024-33052 | A-344620630 | Critical | WLAN |
| CVE-2024-33034 | A-350500940 | High | Display |
| CVE-2024-33038 | A-344620773 | High | Camera |
Google’s latest security patch reflects its ongoing efforts to safeguard Android users against emerging threats.
Users are strongly encouraged to update their devices to the latest security patch level, 2024-09-05 or later, to ensure protection against these vulnerabilities.
As always, staying informed and proactive about security updates is crucial in maintaining device safety and integrity.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…
Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…
Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…