Vulnerability Management, Threat Intelligence

Active exploitation of Android vulnerabilities ongoing

An Android statue is displayed in front of a building on the Google campus on January 31, 2022 in Mountain View, California. (Photo by Justin Sullivan/Getty Images)

Security Affairs reports that Google has issued an alert regarding limited, targeted attacks leveraging a pair of flaws impacting Android devices.

Leading the actively exploited bugs is an Android Framework privilege escalation issue, tracked as CVE-2024-43093, which could be used to gain unauthorized access to Android directories and sub-directories. Threat actors have also abused a use-after-free flaw in Qualcomm's digital signal processor, tracked as CVE-2024-43047, which could result in memory compromise, according to Google.

The development comes after Google issued patches to remediate a high-severity privilege escalation bug in Android, tracked as CVE-2024-32896. "There is a possible way to bypass due to a logic error in the code. [CVE-2024-32896] could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation," said an advisory from the National Institute of Standards and Technology's National Vulnerability Database.
