Google has addressed 62 Android security vulnerabilities, including two actively exploited zero-day flaws, as part of this month's security update, reports BleepingComputer.
The more significant of the two patched zero-days is a high-severity Linux kernel privilege escalation bug, tracked as CVE-2024-53197, which is part of a Cellebrite-developed exploit chain leveraged by Serbian authorities to infiltrate a targeted Android device. The exploit chain from the Israeli digital forensics firm also included the recently patched USB Video Class and Human Interface Devices zero-days, tracked as CVE-2024-53104 and CVE-2024-50302, respectively. Google also fixed an Android Kernel information disclosure zero-day, tracked as CVE-2024-53150, which could be abused to facilitate sensitive data compromise without any interaction from the targeted user, as well as 60 other bugs, most of which are high-severity privilege escalation issues. The update comes months after Google fixed another zero-day, tracked as CVE-2024-43047, which has been used in Serbian intrusions deploying the NoviSpy malware.
