Google has released its Android August 2024 security update, addressing 46 vulnerabilities, including a critical remote code execution (RCE) flaw exploited in targeted attacks.
The zero-day vulnerability, CVE-2024-36971, is a ‘use after free’ (UAF) flaw in the Linux kernel’s network route management. Successful exploitation requires System execution privileges and enables attackers to alter the behaviour of specific network connections.
Google has indicated that this vulnerability might be under limited, targeted exploitation. Threat actors could potentially leverage this flaw to execute arbitrary code on unpatched devices without requiring user interaction.
“There are indications that CVE-2024-36971 may be under limited, targeted exploitation,” Google notes.
Although Google has not yet disclosed details on the exploitation methods or the threat actors involved, the zero-day vulnerability could be used in state-sponsored surveillance targeting high-profile individuals.
Google assured that the source code patches for the identified issues will be available in the Android Open Source Project (AOSP) repository within 48 hours of the advisory release.
Earlier in 2024, Google addressed another zero-day flaw, an elevation of privilege (EoP) vulnerability in Pixel firmware. This vulnerability, tracked as CVE-2024-32896 by Google and CVE-2024-29748 by GrapheneOS, was exploited by forensic companies to bypass PIN protections and access stored data on Android devices.
Google’s August 2024 update includes two patch levels: 2024-08-01 and 2024-08-05. The latter encompasses all fixes from the first patch level, along with additional patches for third-party closed-source and kernel components.
Among these, a critical vulnerability (CVE-2024-23350) in a Qualcomm closed-source component has been addressed.
It’s important to note that not all Android devices may require patches from the 2024-08-05 level. Device vendors might prioritise deploying the initial patch level to streamline the update process, which does not necessarily increase the risk of exploitation.
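For administrators tracking which devices have reached which of the two patch levels, the following Python groups an inventory by coverage. It is an added example, not code from Google or the original article; the device names and inventory are constructed, and it assumes each device reports its patch level as a YYYY-MM-DD string (on Android, the `ro.build.version.security_patch` property).

```python
import re
from datetime import date

# The two patch levels of the August 2024 update described above.
LEVEL_BASE = date(2024, 8, 1)  # 2024-08-01
LEVEL_FULL = date(2024, 8, 5)  # 2024-08-05: adds closed-source and kernel component fixes

_PATCH_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def classify_patch_level(value):
    """Map a patch level string to 'full', 'partial', 'missing' or 'unknown'."""
    text = (value or "").strip()
    if not _PATCH_RE.fullmatch(text):
        return "unknown"  # empty, truncated or otherwise malformed value
    try:
        level = date.fromisoformat(text)
    except ValueError:
        return "unknown"  # well-formed but not a real calendar date
    # Assumption: patch levels are cumulative, so any later level also
    # covers the August 2024 fixes.
    if level >= LEVEL_FULL:
        return "full"      # both August 2024 patch levels applied
    if level >= LEVEL_BASE:
        return "partial"   # 2024-08-01 only: kernel/closed-source fixes absent
    return "missing"       # predates the August 2024 update


def audit(inventory):
    """Group device names by status from a {device: patch_level} mapping."""
    report = {"full": [], "partial": [], "missing": [], "unknown": []}
    for device, value in sorted(inventory.items()):
        report[classify_patch_level(value)].append(device)
    return report


# Constructed sample inventory with hypothetical device names.
SAMPLE_INVENTORY = {
    "pixel-lab-01": "2024-08-05",
    "tablet-front-desk": "2024-08-01",
    "handset-field-07": "2024-07-05",
    "handset-field-09": "2024-09-01",
    "kiosk-legacy": "",
}

if __name__ == "__main__":
    for status, devices in audit(SAMPLE_INVENTORY).items():
        print(f"{status:8} {', '.join(devices) or '-'}")
```

Devices in the `partial` group match the vendor behaviour described above: they carry the 2024-08-01 fixes but not the additional kernel and closed-source component patches.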
While Google Pixel devices receive security updates immediately after release, other manufacturers may delay patch rollouts. This delay is often due to the need for additional testing to confirm compatibility with various hardware configurations, so that the security patches do not cause new issues.