Google has fixed two zero-day flaws that were actively exploited in Android. The company did not provide detailed information on how the vulnerabilities were exploited by criminals.
The holes were identified with the codes CVE-2024-43047 and CVE-2024-43093. In documents published by Google, attacks were limited and targeted.
The CVE-2024-43047 flaw was reported in early October this year. The threat was discovered by Google’s Topic Analysis group and Affected Qualcomm chipsets such as Snapdragon 8 Gen 1 — Galaxy S22’s processor and other top-end 2021.
On the other hand, the CVE-2024-43093 vulnerability allowed elevation of privileges in the Android Framework component. This permission provided access to the “data”, “obb” and “sandbox” directories of the operating system.
Attacks were limited and targeted
No documentation has been published on how the vulnerabilities were exploited. But since it is a targeted attack must not have reached the public.
Same security patch as November also fixed 49 other issues. Only one of these was classified as critical; CVE-2024-38408 also exists in Qualcomm components.
THE Google security patch is rolling out for Android 12, 13, 14 and 15. Some of the fixes are for specific OS iterations.
Now, Manufacturers are responsible for patching and redistributing the fix for the consumers themselves. Naturally, your device should only receive the update if it is within the brand’s support period.
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.
