Google fixes zero-day vulnerability in Android kernel
Google has addressed a critical zero-day vulnerability, identified as CVE-2024-36971, in the Android kernel. This flaw, exploited in targeted attacks, was among 46 vulnerabilities rectified in this month's Android security updates. The specific weakness is a use-after-free (UAF) issue discovered in the Linux kernel's network route management system. Successful exploitation requires System execution privileges and permits the modification of certain network connections' behavior.
Vulnerability may be used to execute arbitrary code
Google has indicated that "there are indications that CVE-2024-36971 may be under limited, targeted exploitation." Threat actors could potentially use it to execute arbitrary code without user interaction on unpatched devices.
TAG researcher responsible for zero-day vulnerability discovery
The discovery and reporting of this zero-day vulnerability were attributed to Clement Lecigne, a security researcher from Google's Threat Analysis Group (TAG). While Google has not disclosed details about the exploitation or the attackers, it is known that TAG researchers often identify and disclose zero-days used in state-sponsored surveillance software attacks targeting high-profile individuals.
Google to release source code patches soon
Google plans to release "source code patches for these issues to the Android Open Source Project (AOSP) repository in the next 48 hours," according to an advisory. Earlier this year, Google addressed another zero-day vulnerability exploited in attacks. It was a high-severity elevation of privilege (EoP) flaw in Pixel firmware. This flaw was used by forensic firms to unlock Android devices without a PIN and access stored data.
Google's August security updates have 2 patch sets
Google's August security updates include two patch sets: the 2024-08-01 and 2024-08-05 security levels. The latter comprises all fixes from the first set plus extra patches for third-party closed-source and kernel components, which include a critical vulnerability (CVE-2024-23350) in a Qualcomm closed-source component. Not every Android device may need the fixes for the vulnerabilities addressed in the 2024-08-05 patch level.