Google Patches Android Zero-Day Exploited in Targeted Attacks


Google announced its August 2024 Android security patches, addressing over 40 vulnerabilities, including a zero-day vulnerability tracked as CVE-2024-36971, which has been exploited in targeted attacks. This high-severity issue, found in the kernel, can lead to remote code execution with system privileges. Discovered by Google’s Clément Lecigne, CVE-2024-36971 involves a use-after-free condition, although no detailed attack information has been shared. The update also fixes numerous vulnerabilities in Android's framework, system, and components from Arm, Imagination Technologies, MediaTek, and Qualcomm. One critical flaw in Qualcomm components allows for a permanent denial-of-service condition.

Read More


thumb-image

Solutions