AndroidGoogle Addresses Two Android Zero-Days Used in Targeted Attacks

Google Addresses Two Android Zero-Days Used in Targeted Attacks

-

Android Zero-Days, Android, Google

In its November security update, Google has patched two critical Android zero-days actively exploited in targeted attacks, along with 49 additional vulnerabilities.

Google flagged these zero-day flaws, CVE-2024-43047 and CVE-2024-43093, as “under limited, targeted exploitation.” Although Google refrained from sharing specific exploitation details, Amnesty International researchers identified CVE-2024-43047, suggesting its potential role in spyware attacks against select targets.

Also read: New Android Spyware Campaign Targets South Koreans via AWS

Critical Android Zero-Days and Qualcomm Vulnerability

While CVE-2024-43047 and CVE-2024-43093 were the most urgent fixes, the update also addressed CVE-2024-38408, a critical vulnerability impacting Qualcomm components. These vulnerabilities affect Android versions 12 through 15, with some flaws exclusive to specific versions.

To structure its monthly updates, Google issues two patch levels: one addressing core Android vulnerabilities, and a second that includes both core and vendor-specific fixes. The November 1 patch resolves 17 Android security issues, while the November 5 patch introduces 34 additional fixes, covering vulnerabilities in components from manufacturers such as Qualcomm and MediaTek.

Updating to Ensure Protection Against Threats

Threat intelligence firm Cyble recommends that to install the latest Android security update, go to Settings> System> Software updates> System update, or Settings> Security & privacy> System & updates> Security update. Note that a restart is required to apply the updates.

Google has phased out support for Android 11 and older versions. However, devices on these older systems may still receive security updates for critical, actively exploited vulnerabilities through Google Play system updates, although this is not guaranteed. Users with unsupported Android devices should consider upgrading to newer models or installing third-party Android distributions that include the latest security patches.

This update underscores the importance of staying current with device updates to mitigate potential security threats, especially for users of high-risk devices and those relying on Android versions vulnerable to emerging exploits.

Mihir Bagwe

Mihir Bagwe

Bagwe has nearly half a decade of experience in reporting on the latest cybersecurity news and trends, and interviewing cybersecurity subject matter experts. He has previously worked with ISMG and CISO MAG, publications focussed on addressing the cybersecurity needs of the C-Suite, particularly the CISO and CIO communities.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

Latest news

Must read

More

    Elon Musk’s pro-Trump Pac pouring millions into Facebook ads instead of X

    Elon Musk’s Pac is spending far more on ads...

    Google parent Alphabet sees double-digit growth as AI bets boost cloud business

    Alphabet, parent of Google and YouTube, saw a third...

    You might also likeRELATED
    Recommended to you

    0
    Would love your thoughts, please comment.x
    ()
    x