Headline
Android vulnerability used in targeted attacks patched by Google
Google has issued security updates for 46 vulnerabilities, including a patch for a remote code execution flaw which has been used in limited targeted attacks.
Google has released patches for 46 vulnerabilities in Android, including a remote code execution (RCE) vulnerability that it says has been used in limited, targeted attacks.
You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for updates.
If your Android phone is at patch level 2024-08-01 or later then the issues discussed below have been fixed. The updates have been made available for Android 12, 12L, 13, and 14. Android partners, such as Samsung, Sony, etc, are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for devices from all vendors.
For most Android devices, you can check for new updates like this: Under About phone or About device you can tap on Software updates, although there may be slight differences based on the brand, type, and Android version.
Technical details
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The actively exploited vulnerability is listed as:
CVE-2024-36971 is a use after free (UAF) vulnerability in the Linux kernel. The vulnerability could lead to remote code execution with System execution privileges needed.
This Linux kernel vulnerability affects the Android OS because the Android kernel is based on an upstream Linux Long Term Supported (LTS) kernel. This kernel is like the engine of the operating system, managing the hardware and basic functions.
The Android kernel is based on a version of the Linux kernel, which is a popular core for many operating systems. Specifically, Android uses a version of the Linux kernel that is designated as “Long Term Supported” (LTS). This means it’s a version that gets updates and fixes for a longer period than regular versions, ensuring it stays secure and stable over time.
UAF is a type of vulnerability that happens when a program incorrectly handles its memory. When a program frees up a piece of memory but still tries to use it afterward, an attacker can exploit this mistake. This can cause the program to crash, behave unpredictably, or even run harmful code. In this case it allows the attacker to remotely execute code on the device if they have enough privileges.
Attackers would need to gain the needed privileges to use this vulnerability by combining it with other vulnerabilities.
We don’t just report on phone security—we provide it
Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.
Related news
Ubuntu Security Notice 7009-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 7005-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7008-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7007-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 7005-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Red Hat Security Advisory 2024-5858-03 - An update for kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include code execution, denial of service, and use-after-free vulnerabilities.
Ubuntu Security Notice 6979-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6951-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Red Hat Security Advisory 2024-5439-03 - Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2024-5433-03 - Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and memory exhaustion vulnerabilities.
Ubuntu Security Notice 6951-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Red Hat Security Advisory 2024-5582-03 - An update for kpatch-patch-4_18_0-372_87_1 and kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-5522-03 - An update for kpatch-patch-4_18_0-553 is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and use-after-free vulnerabilities.
Ubuntu Security Notice 6951-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Red Hat Security Advisory 2024-5365-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free and null pointer vulnerabilities.
Red Hat Security Advisory 2024-5364-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free, memory leak, and null pointer vulnerabilities.
Red Hat Security Advisory 2024-5256-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include code execution, denial of service, and use-after-free vulnerabilities.
Ubuntu Security Notice 6953-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6951-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Google has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-36971 may be under limited, targeted exploitation," the tech giant noted in its monthly Android security
Debian Linux Security Advisory 5730-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.