Security
Headlines
HeadlinesLatestCVEs

Headline

Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component. According to the description of the bug in the NIST National

The Hacker News
#vulnerability#android#google#The Hacker News

Vulnerability / Mobile Security

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild.

The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component.

According to the description of the bug in the NIST National Vulnerability Database (NVD), it concerns a logic error that could lead to local escalation of privileges without requiring any additional execution privileges.

“There are indications that CVE-2024-32896 may be under limited, targeted exploitation,” Google said in its Android Security Bulletin for September 2024.

It’s worth noting that CVE-2024-32896 was first disclosed in June 2024 as impacting only the Google-owned Pixel lineup.

There are currently no details on how the vulnerability is being exploited in the wild, although GrapheneOS maintainers revealed that CVE-2024-32896 plugs a partial solution for CVE-2024-29748, another Android flaw that has been weaponized by forensic companies.

Google later confirmed to The Hacker News that the impact of CVE-2024-32896 goes beyond Pixel devices to include the entire Android ecosystem and that it’s working with original equipment manufacturers (OEMs) to apply the fixes where applicable.

“This vulnerability requires physical access to the device to exploit and interrupts the factory reset process,” Google noted at the time. “Additional exploits would be needed to compromise the device.”

“We are prioritizing applicable fixes for other Android OEM partners and will roll them out as soon as they are available. As a best security practice, users should always update their devices whenever there are new security updates available.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories and its sub-directories,

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-36971 may be under limited, targeted exploitation," the tech giant noted in its monthly Android security

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-36971 may be under limited, targeted exploitation," the tech giant noted in its monthly Android security

Update now! Google Pixel vulnerability is under active exploitation

Google revealed that a firmware vulnerability in its Pixel devices has been under limited active exploitation

Google patches critical vulnerability for Androids with Qualcomm chips

Google has issued patches for 28 security vulnerabilities, including a critical patch for Androids with Qualcomm chips.