Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild.

The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel.

“There are indications that CVE-2024-36971 may be under limited, targeted exploitation,” the tech giant noted in its monthly Android security bulletin for August 2024.

As is typically the case, the company did not share any additional specifics on the nature of the cyber attacks exploiting the flaw or attribute the activity to a particular threat actor or group. It’s currently not known if Pixel devices are also impacted by the bug.

That said, Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the flaw, suggesting that it’s likely being exploited by commercial spyware vendors to infiltrate Android devices in narrowly targeted attacks.

The August patch addresses a total of 47 flaws, including those identified in components associated with Arm, Imagination Technologies, MediaTek, and Qualcomm.

Also resolved by Google are 12 privilege escalation flaws, one information disclosure bug, and one denial-of-service (DoS) flaw impacting the Android Framework.

In June 2024, the search company revealed that an elevation of privilege issue in Pixel Firmware (CVE-2024-32896) has been exploited as part of limited and targeted attacks.

Google subsequently told The Hacker News that the issue’s impact goes beyond Pixel devices to include the broader Android platform and that it’s working with OEM partners to apply the fixes where applicable.

Previously, the company also closed out two security flaws in the bootloader and firmware components (CVE-2024-29745 and CVE-2024-29748) that were weaponized by forensic companies to steal sensitive data.

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-0824, a remote code execution flaw impacting Microsoft COM for Windows to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply fixes by August 26, 2024.

The addition follows a report from Cisco Talos that the flaw was weaponized by a Chinese nation-state threat actor named APT41 in a cyber attack aimed at an unnamed Taiwanese government-affiliated research institute to achieve local privilege escalation.

Update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on August 7, 2024, added CVE-2024-36971 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the patches by August 28, 2024.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.