Security Affairs reports that Google has issued an alert regarding the limited, targeted attacks leveraging a pair of flaws impacting Android devices.
Leading the actively exploited bugs is an Android Framework privilege escalation issue, tracked as CVE-2024-43093, which could be utilized to facilitate unauthorized Android directory and sub-directory access. Threat actors have also abused a use-after-free flaw in Qualcomm's digital signal processor, tracked as CVE-2024-43047, which could result in memory compromise, according to Google. Such a development comes after patches were issued by Google to remediate a high-severity privilege escalation bug in Android, tracked as CVE-2024-32896. "There is a possible way to bypass due to a logic error in the code. [CVE-2024-32896] could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation," said an advisory from the National Institute of Standards and Technology's National Vulnerability Database.