Google fixes two Android zero-days used in targeted attacks
Quote: Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities.

Tracked as CVE-2024-43047 and CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks.
"There are indications that the following may be under limited, targeted exploitation," says Google's advisory.
The CVE-2024-43047 flaw is a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges.

The flaw was first disclosed in early October 2024 by Qualcomm as a problem in its Digital Signal Processor (DSP) service.
CVE-2024-43093 is also a high-severity elevation of privilege flaw, this time impacting the Android Framework component and Google Play system updates, specifically in the Documents UI.
Google did not disclose who discovered the CVE-2024-43093 vulnerability.
While Google did not share any details on how the vulnerabilities were exploited, as researchers at Amnesty International discovered CVE-2024-43047, it could indicate that the flaw was used in targeted spyware attacks.
https://www.bleepingcomputer.com/news/se...d-attacks/
There is no patch for stupidity - Kevin Mitnick