Man
Professional
- Messages
- 3,038
- Reaction score
- 561
- Points
- 113
A critical vulnerability gives hackers access to your data.
Google has warned of a serious vulnerability in the Android operating system that is already being exploited by attackers. The vulnerability, known as CVE-2024-43093, is found in the Android Framework component and can lead to unauthorized access to the "Android/data", "Android/obb" and "Android/sandbox" directories, as well as their subdirectories.
While exact data on how this vulnerability is exploited is not yet available, Google's monthly bulletin indicates that it is already being used in targeted attacks with limited reach.
Google also reported a second actively exploited vulnerability, CVE-2024-43047 (CVSS: 7.8). This bug, found in Qualcomm processors and now fixed, is a use-after-free memory usage error in the Digital Signal Processor (DSP) service, which, if successful, can lead to memory corruption.
Last month, Google Project Zero researchers Seth Jenkins and Konghui Wang identified the vulnerability, and Amnesty International staff confirmed that it had been actively exploited.
The official alert does not specify details about the activity associated with this vulnerability or when it was exploited. There is a possibility that the vulnerability is being exploited as part of espionage attacks targeting civil society.
It is unknown whether both vulnerabilities are used in conjunction to escalate privileges and code execution, which could significantly increase the risk to users.
CVE-2024-43093 has become the second actively exploited vulnerability in the Android Framework in recent years. In June and September, Google released patches for a similar vulnerability, CVE-2024-32896, initially protecting only Pixel devices, and later a wider range of Android devices.
Source
Google has warned of a serious vulnerability in the Android operating system that is already being exploited by attackers. The vulnerability, known as CVE-2024-43093, is found in the Android Framework component and can lead to unauthorized access to the "Android/data", "Android/obb" and "Android/sandbox" directories, as well as their subdirectories.
While exact data on how this vulnerability is exploited is not yet available, Google's monthly bulletin indicates that it is already being used in targeted attacks with limited reach.
Google also reported a second actively exploited vulnerability, CVE-2024-43047 (CVSS: 7.8). This bug, found in Qualcomm processors and now fixed, is a use-after-free memory usage error in the Digital Signal Processor (DSP) service, which, if successful, can lead to memory corruption.
Last month, Google Project Zero researchers Seth Jenkins and Konghui Wang identified the vulnerability, and Amnesty International staff confirmed that it had been actively exploited.
The official alert does not specify details about the activity associated with this vulnerability or when it was exploited. There is a possibility that the vulnerability is being exploited as part of espionage attacks targeting civil society.
It is unknown whether both vulnerabilities are used in conjunction to escalate privileges and code execution, which could significantly increase the risk to users.
CVE-2024-43093 has become the second actively exploited vulnerability in the Android Framework in recent years. In June and September, Google released patches for a similar vulnerability, CVE-2024-32896, initially protecting only Pixel devices, and later a wider range of Android devices.
Source
