Google has addressed a high-severity security flaw impacting the Android kernel that has been actively exploited in the wild.
The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel.
“There are indications that CVE-2024-36971 may be under limited, targeted exploitation,” the tech giant noted in its monthly Android security bulletin for August 2024.
As is often the case, the company didn’t share any further specifics on the nature of the cyber attacks exploiting the flaw or attribute the activity to a specific threat actor or group. It is currently not known if Pixel devices are also impacted by the bug.
That said, Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the flaw, suggesting that it is likely being exploited by commercial spyware vendors to infiltrate Android devices in narrowly targeted attacks.
The August patch addresses a total of 47 flaws, including those identified in components associated with Arm, Imagination Technologies, MediaTek, and Qualcomm.
Also resolved by Google are 12 privilege escalation flaws, one information disclosure bug, and one denial-of-service (DoS) flaw impacting the Android Framework.
In June 2024, the search company revealed that an elevation of privilege issue in Pixel Firmware (CVE-2024-32896) has been exploited as part of limited and targeted attacks.
Google subsequently told The Hacker News that the issue’s impact goes beyond Pixel devices to include the broader Android platform and that it is working with OEM partners to apply the fixes where applicable.
Previously, the company also closed out two security flaws in the bootloader and firmware components (CVE-2024-29745 and CVE-2024-29748) that had been weaponized by forensic companies to steal sensitive data.
The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-0824, a remote code execution flaw impacting Microsoft COM for Windows, to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply fixes by August 26, 2024.
The addition follows a report from Cisco Talos that the flaw was weaponized by a Chinese nation-state threat actor named APT41 in a cyber attack aimed at an unnamed Taiwanese government-affiliated research institute to achieve local privilege escalation.