In the latest Android monthly security update, Google fixed a total of 51 security vulnerabilities, including two that may have been exploited by spyware. The two exploited vulnerabilities are tracked as CVE-2024-43047 and CVE-2024-43093, and Google said they were exploited in limited, targeted attacks.

CVE-2024-43047 is a use-after-free vulnerability in the closed-source Qualcomm component in the Android kernel. Attackers can use it to escalate privileges. Qualcomm disclosed the vulnerability in October and said it was in Qualcomm's digital signal processor (DSP).

CVE-2024-43093 is also a highly damaging privilege escalation vulnerability. It affects Android framework components and Google Play system updates, in particular DocumentsUI.

Google did not disclose specific details of the attacks, but the discoverer of CVE-2024-43047 believes that the vulnerability may be exploited by spyware to conduct espionage operations against specific users.

Of the remaining 49 vulnerabilities, only CVE-2024-38408 is rated as serious. It also comes from Qualcomm's closed-source components. The other vulnerabilities are medium or low risk. There is currently no evidence that these vulnerabilities have also been exploited by attackers.

It is worth noting that the security updates released by Google apply only to Android 12 through 15, because Android 11 and earlier versions no longer receive security updates. Occasionally, Google may mitigate these vulnerabilities through Google Play Protect.

Therefore, if users are still on Android 11 or earlier, the system will accumulate more and more unpatched vulnerabilities over time. Of course, devices running Android 12 through 15 are still at risk as well: some OEMs are very slow to adapt security patches, or do not provide security updates at all.

Learn more:

https://source.android.com/docs/security/bulletin/2024-11-01