Google has patched a high-severity security flaw in the Android kernel that has been exploited in the wild.
The vulnerability, tracked as CVE-2024-36971, is described as a remote code execution bug affecting the kernel.
“The evidence suggests that CVE-2024-36971 may be undergoing restricted, targeted exploitation,” Google said in its Android security bulletin for August 2024.
As usual, the company has not shared further details about the nature of the attacks exploiting the flaw, nor attributed the activity to a specific threat actor or group. It is currently not known whether Pixel devices are also affected.
However, Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the vulnerability, suggesting that it is likely being exploited by commercial spyware vendors to infiltrate Android devices in narrowly targeted attacks.
The August update addresses a total of 47 security issues, including flaws in components from Arm, Imagination Technologies, MediaTek, and Qualcomm.
Google has also resolved 12 privilege escalation vulnerabilities, one information disclosure flaw, and one denial-of-service (DoS) vulnerability in the Android Framework.
In June 2024, Google disclosed that a privilege escalation flaw in Pixel Firmware (CVE-2024-32896) had been exploited in targeted, limited attacks.
Google later told The Hacker News that the issue affects not just Pixel devices but the broader Android ecosystem, and that it is working with OEM partners to roll out the necessary fixes.
Earlier, the company also addressed two security flaws in the bootloader and firmware components (CVE-2024-29745 and CVE-2024-29748) that had been exploited by forensic companies to extract sensitive data.
The development coincides with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) adding CVE-2018-0824, a remote code execution vulnerability in Microsoft COM for Windows, to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply fixes by August 26, 2024.
The addition follows a report from Cisco Talos that the flaw was weaponized by APT41, a Chinese nation-state threat actor, in an attack on an unnamed Taiwanese government-affiliated research institute to achieve local privilege escalation.