Google patches actively exploited Android vulnerability (CVE-2024-43093)
Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework.
The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093)
Qualcomm patched CVE-2024-43047 – a use-after-free vulnerability in the Digital Signal Processor (DSP) service that could be exploited to escalate privileges on targeted devices – in October 2024, and urged original equipment manufacturers (OEMs) to deploy the patches as soon as possible.
Reported by Seth Jenkins of Google Project Zero and Conghui Wang of Amnesty International Security Lab, it’s highly likely that the flaw is being leveraged by commercial mobile spyware makers.
Also, “limited, targeted exploitation” is phrasing that usually points toward cyber espionage campaigns rather than broad malware attacks and often implicates the use of specialized spyware targeting activists, journalists, or dissidents.
CVE-2024-43093 is another vulnerability that allows privilege escalation and has been fixed by restricting access to “Android/data,” “Android/obb,” and “Android/sandbox” directories and their sub-directories.
Propagating fixes in the Android ecosystem
As per usual, the Android Security Bulletin for November 2024 contains fixes for many other flaws found in the Android platform.
Android partners are notified of all issues at least a month before publication of each monthly Android security bulletin, and source code patches for them are released to the Android Open Source Project (AOSP) repository.
Samsung has, for example, patched CVE-2024-43047 in the October 2024 maintenance release for major flagship models, and CVE-2024-43093 in the one made available in November 2024.
Other manufacturers of Android-powered phones – such as Huawei, Motorola, Oppo, and others – are expected to follow suit.
source: HelpNetSecurity
Free security scan for your website
Top News:
Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks
November 12, 2024Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024