Google Patches New Android Kernel Vulnerability Exploited in the Wild

Aug 06, 2024 | Ravie Lakshmanan | Mobile Security / Vulnerability

Google has addressed a high-severity security flaw impacting the Android kernel that has been actively exploited in the wild.

The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel.

“There are indications that CVE-2024-36971 may be under limited, targeted exploitation,” the tech giant noted in its monthly Android security bulletin for August 2024.

As is typically the case, the company did not share any additional specifics on the nature of the cyber attacks exploiting the flaw or attribute the activity to a particular threat actor or group. It is currently not known if Pixel devices are also impacted by the bug.

That said, Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the flaw, suggesting that it is likely being exploited by commercial spyware vendors to infiltrate Android devices in narrowly targeted attacks.

The August patch addresses a total of 47 flaws, including those identified in components associated with Arm, Imagination Technologies, MediaTek, and Qualcomm.

Also resolved by Google are 12 privilege escalation flaws, one information disclosure bug, and one denial-of-service (DoS) flaw impacting the Android Framework.

In June 2024, the search company revealed that an elevation of privilege issue in Pixel Firmware (CVE-2024-32896) has been exploited as part of limited and targeted attacks.

Google subsequently told The Hacker News that the issue’s impact goes beyond Pixel devices to include the broader Android platform and that it is working with OEM partners to apply the fixes where applicable.

Previously, the company also closed out two security flaws in the bootloader and firmware components (CVE-2024-29745 and CVE-2024-29748) that were weaponized by forensic companies to steal sensitive data.

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-0824, a remote code execution flaw impacting Microsoft COM for Windows, to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply fixes by August 26, 2024.

The addition follows a report from Cisco Talos that the flaw was weaponized by a Chinese nation-state threat actor named APT41 in a cyber attack aimed at an unnamed Taiwanese government-affiliated research institute to achieve local privilege escalation.
