    Google Alerts on Ongoing Exploitation of Android Vulnerability CVE-2024-43093

    Google has issued an alert regarding a security vulnerability in its Android operating system that is being actively exploited in the wild.

    Designated as CVE-2024-43093, this flaw has been characterized as a privilege escalation vulnerability rooted in the Android Framework. If exploited, it could grant unauthorized access to sensitive directories including “Android/data,” “Android/obb,” and “Android/sandbox,” along with their respective subdirectories, as outlined in recent code commit documentation.

    While specific tactics for exploiting this vulnerability remain undisclosed, Google acknowledged in its latest security bulletin that there are signs the flaw “may be subject to limited, targeted exploitation.”

    Additionally, Google has identified another actively exploited vulnerability, CVE-2024-43047, which affects Qualcomm chipsets. This now-mitigated flaw, a use-after-free vulnerability in the Digital Signal Processor (DSP) Service, poses a risk of memory corruption if exploited.

    Last month, Qualcomm credited Google Project Zero researchers Seth Jenkins and Conghui Wang for reporting the issue, while Amnesty International’s Security Lab confirmed instances of its exploitation in the wild.

    The advisory offers limited insights into how these vulnerabilities are being targeted or the timeline of their exploitation. However, it is plausible that such exploits are being leveraged for highly focused spyware attacks, potentially aimed at individuals within civil society.

    It remains unclear whether the CVE-2024-43093 and CVE-2024-43047 vulnerabilities have been combined in an exploit chain to elevate system privileges or facilitate arbitrary code execution.

    Notably, CVE-2024-43093 marks the second actively exploited flaw within the Android Framework this year, following CVE-2024-32896, which was initially patched for Google Pixel devices in June, with the fix later applied more broadly across the Android ecosystem.
