Google fixes Android kernel zero-day exploited in targeted attacks

Summary: This content discusses the recent Android security updates that address 46 vulnerabilities, including a critical zero-day vulnerability (CVE-2024-36971) that may be exploited in targeted attacks. The vulnerability, which affects the Linux kernel’s network route management, allows threat actors to execute arbitrary code on unpatched devices.

Threat Actor: Unknown | unknown
Victim: Android users | Android users

Key Points:

  • The zero-day vulnerability CVE-2024-36971 is a use after free (UAF) flaw requiring system execution privileges for exploitation.
  • Google’s Threat Analysis Group (TAG) discovered the vulnerability, which is believed to be under limited, targeted exploitation.
  • Security patches for the vulnerabilities will be released to the Android Open Source Project (AOSP) repository within 48 hours.
  • Not all Android devices are affected by the vulnerabilities fixed in the later patch level, and device vendors may prioritize deploying the initial patch level.
  • Google Pixel devices receive security updates promptly, while other manufacturers may experience delays for testing compatibility.


Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) vulnerability exploited in targeted attacks.

The zero-day, tracked as CVE-2024-36971, is a use after free (UAF) weakness in the Linux kernel’s network route management. It requires System execution privileges for successful exploitation and allows altering the behavior of certain network connections.

Google says that “there are indications that CVE-2024-36971 may be under limited, targeted exploitation,” with threat actors likely exploiting it to gain arbitrary code execution without user interaction on unpatched devices.

Clément Lecigne, a security researcher from Google’s Threat Analysis Group (TAG), is credited with discovering and reporting this zero-day vulnerability.

Although Google has yet to provide details about how the flaw is being exploited or which threat actor is behind the attacks, Google TAG researchers frequently identify and disclose zero-days used by state-sponsored surveillance software to target high-profile individuals.

“Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours,” explains the advisory.

Earlier this year, Google patched another zero-day exploited in attacks: a high-severity elevation of privilege (EoP) flaw in the Pixel firmware, tracked as CVE-2024-32896 by Google and CVE-2024-29748 by GrapheneOS (which found and reported the flaw).

Forensic companies exploited this vulnerability to unlock Android devices without a PIN and gain access to the stored data.

Google has released two patch sets for the August security updates, the 2024-08-01 and 2024-08-05 security patch levels. The latter includes all the security fixes from the first set plus additional patches for third-party closed-source and kernel components, such as a critical vulnerability (CVE-2024-23350) in a Qualcomm closed-source component.

Notably, not all Android devices are affected by the vulnerabilities fixed in the 2024-08-05 patch level. Device vendors may also prioritize deploying the initial patch level to streamline the update process. However, this does not necessarily indicate an increased risk of exploitation.

It’s important to note that while Google Pixel devices receive monthly security updates immediately after release, other manufacturers may need some time before rolling out the patches. The delay allows additional testing of the security patches to ensure compatibility with various hardware configurations.

Source: https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-targeted-attacks