Five vulnerabilities have been identified in Google’s Android operating system. The most severe could allow attackers to execute code remotely on affected devices and elevate user privileges.
The most severe of these vulnerabilities, classified as remote code execution (CVE-2024-43767), affects the System component of Android. Exploiting this flaw could allow malicious actors to execute arbitrary code on a device, acting within the permissions of the logged-on user.
Depending on the user’s privilege level, attackers might gain control over sensitive data, modify critical files, or even create new accounts with extensive access. Other vulnerabilities in the Framework (CVE-2024-43764, CVE-2024-43769) and System (CVE-2024-43097, CVE-2024-43768) components could allow elevation of privilege, broadening the scope of potential attacks.
Additional risks have been identified in the hardware-specific components from MediaTek, Qualcomm, and Imagination Technologies.
Although no reports have emerged of these vulnerabilities being exploited in the wild, the scope and severity of the flaws warrant immediate attention. Devices running Android OS with a patch level before December 5, 2024, are considered vulnerable, with the risk categorised as high for government and enterprise users, moderate for smaller organisations, and low for home users.
Government and business entities are particularly at risk due to the higher stakes of potential breaches in sensitive or critical systems.
Cybersecurity professionals stress the importance of swift action to mitigate these risks. Google has released patches to address system vulnerabilities. Recommended protective measures encompass a multi-layered approach, including automated patch deployment, systematic vulnerability assessments, and comprehensive employee digital security training.
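One way to apply the December 5, 2024 patch-level cutoff across a device fleet, as an added example that is not from the article or from Google. The inventory and serials are constructed; on a real device the value would come from `adb shell getprop ro.build.version.security_patch`.

```shell
#!/bin/sh
# Added example: flag devices below the 2024-12-05 security patch level.
# On a live device the value comes from:
#   adb -s <serial> shell getprop ro.build.version.security_patch
REQUIRED_PATCH="2024-12-05"

# Constructed inventory, one "serial,patch_level" pair per line.
SAMPLE_INVENTORY='emu-0001,2024-12-05
emu-0002,2024-11-01
emu-0003,2025-01-01
emu-0004,
emu-0005,2024-12-01'

# classify_patch LEVEL -> prints patched, vulnerable or unknown
classify_patch() {
    level=$(printf '%s' "$1" | tr -d '\r ')
    # Accept only YYYY-MM-DD; empty or garbled values need manual follow-up.
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # ISO dates order correctly as integers once the dashes are removed.
    have=$(printf '%s' "$level" | sed 's/-//g')
    need=$(printf '%s' "$REQUIRED_PATCH" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then echo patched; else echo vulnerable; fi
}

# audit_inventory: reads "serial,patch_level" lines on stdin and prints
# every device that is not confirmed at or above REQUIRED_PATCH.
audit_inventory() {
    while IFS=, read -r serial level; do
        [ -n "$serial" ] || continue
        status=$(classify_patch "$level")
        if [ "$status" != patched ]; then
            printf '%s %s\n' "$serial" "$status"
        fi
    done
}

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

A device reporting 2024-12-01 is still flagged, since the cutoff stated above is the December 5 level.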
Last month, Google fixed over 40 security vulnerabilities in Android, including two previously exploited in attacks. The first was CVE-2024-43047, a Qualcomm bug, and the other was CVE-2024-43093, a high-severity privilege escalation bug.
To protect Android devices, Google is preparing to integrate ‘Advanced Protection Mode’ in the Android 16 update.