August 5, 2024
Image: Midjourney
Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks.
The zero-day, tracked as CVE-2024-36971, is a use after free (UAF) weakness in the Linux kernel's network route management. It requires System execution privileges for successful exploitation and allows altering the behavior of certain network connections.
Google says that "there are indications that CVE-2024-36971 may be under limited, targeted exploitation," with threat actors likely exploiting to gain arbitrary code execution without user interaction on unpatched devices.
Clément Lecigne, a security researcher from Google's Threat Analysis Group (TAG), was tagged as the one who discovered and reported this zero-day vulnerability.
Even though Google has yet to provide details about how the flaw is being exploited and what threat actor is behind the attacks, Google TAG security researchers frequently identify and disclose zero-days used in state-sponsored surveillance software attacks to target high-profile individuals.
"Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours," explains the advisory.
