Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw

Cyber Security

Sep 04, 2024Ravie LakshmananVulnerability / Mobile Security

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild.

The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component.

According to the description of the bug in the NIST National Vulnerability Database (NVD), it concerns a logic error that could lead to local escalation of privileges without requiring any additional execution privileges.

“There are indications that CVE-2024-32896 may be under limited, targeted exploitation,” Google said in its Android Security Bulletin for September 2024.

It’s worth noting that CVE-2024-32896 was first disclosed in June 2024 as impacting only the Google-owned Pixel lineup.

There are currently no details on how the vulnerability is being exploited in the wild, although GrapheneOS maintainers revealed that CVE-2024-32896 plugs a partial solution for CVE-2024-29748, another Android flaw that has been weaponized by forensic companies.

Google later confirmed to The Hacker News that the impact of CVE-2024-32896 goes beyond Pixel devices to include the entire Android ecosystem and that it’s working with original equipment manufacturers (OEMs) to apply the fixes where applicable.

“This vulnerability requires physical access to the device to exploit and interrupts the factory reset process,” Google noted at the time. “Additional exploits would be needed to compromise the device.”

“We are prioritizing applicable fixes for other Android OEM partners and will roll them out as soon as they are available. As a best security practice, users should always update their devices whenever there are new security updates available.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
Samsung Galaxy S25 Series Tipped to Launch on January 22 During Galaxy Unpacked Event
Elon Musk’s xAI raising up to $6 billion to purchase 100,000 Nvidia chips for Memphis data center
PlayStation Portal Gets Cloud Streaming Support for Select PS5 Games With New Update
Smart ring leader Oura plans international push as CEO touts new features and thinking on hardware