Today, Google released an Android security update that reportedly fixes 46 vulnerabilities, one of which is a zero-day vulnerability.
For those who don’t know, a zero-day vulnerability is a vulnerability in software, hardware, or firmware that attackers exploit before the manufacturer can detect and fix it. The term “zero-day” comes from the amount of time a manufacturer has to prepare a patch, which is zero days because the vulnerability has already been discovered or exploited.
This particular zero-day, a use-after-free vulnerability identified as CVE-2024-36971, reportedly exists in the part of the Linux kernel that Android uses to manage network routing. Although exploiting it requires system-level execution privileges, Google noted in its security bulletin that there are indications it may be under limited, targeted exploitation.
Once an attacker has successfully exploited this vulnerability, they can execute arbitrary code on unpatched devices without user interaction. The zero-day vulnerability was discovered by Clément Lecigne, a security researcher in Google's Threat Analysis Group (TAG).
Google is not disclosing specific details of the vulnerability to give Android phone users enough time to update and repair their devices.
Beyond the zero-day, the update addresses 45 other vulnerabilities. To cover all of them, Google has released two batches of patches in the August security update, labeled 2024-08-01 and 2024-08-05. It’s worth noting that the second batch includes fixes for third-party closed-source components and kernel components along with all the fixes from the first batch. Users are therefore advised to install the patches as soon as they become available. While Google Pixel devices receive updates quickly, other manufacturers may take some time to release updates for certain models.
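To check where a device stands against the two patch levels described above, the following added example (not from Google or from the original article) classifies a reported security patch level as unpatched, partial (first batch only) or full. The function names, status labels and sample inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify Android security patch levels against the
# two August 2024 patch-level strings named in the article.
BASE_LEVEL="2024-08-01"   # first batch
FULL_LEVEL="2024-08-05"   # second batch: adds kernel and closed-source fixes

# Strip dashes so a YYYY-MM-DD level compares as an integer.
to_num() { printf '%s' "$1" | sed 's/-//g'; }

# classify_patch_level LEVEL -> invalid | unpatched | partial | full
classify_patch_level() {
    # adb output can carry a trailing CR or spaces; drop all whitespace.
    level=$(printf '%s' "$1" | tr -d '[:space:]')
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;   # empty or malformed property value
    esac
    n=$(to_num "$level")
    if [ "$n" -lt "$(to_num "$BASE_LEVEL")" ]; then
        echo unpatched                 # predates the August update entirely
    elif [ "$n" -lt "$(to_num "$FULL_LEVEL")" ]; then
        echo partial                   # first batch only, no kernel-component fixes
    else
        echo full
    fi
}

# audit_inventory: read "SERIAL PATCH_LEVEL" lines on stdin, print "SERIAL STATUS".
audit_inventory() {
    while read -r serial level || [ -n "$serial" ]; do
        [ -n "$serial" ] || continue
        printf '%s %s\n' "$serial" "$(classify_patch_level "$level")"
    done
}

# Constructed sample inventory (not real devices). On a real device the value comes from:
#   adb shell getprop ro.build.version.security_patch
audit_inventory <<'EOF'
DEVICE-A 2024-07-05
DEVICE-B 2024-08-01
DEVICE-C 2024-08-05
DEVICE-D unknown
EOF
```

A device reporting `partial` has the first batch but, per the article, still lacks the kernel-component fixes that ship with the 2024-08-05 level.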
The post Google patches multiple Android vulnerabilities in August security update first appeared on HiTechExpert.top.