CVE-2024-36971: Zero-Day Kernel Flaw Exploited in Targeted Attacks Against Android Devices


Google’s latest Android security updates have revealed a critical zero-day vulnerability actively exploited in targeted attacks. The flaw, designated CVE-2024-36971, resides within the Linux kernel’s network route management and could grant attackers system-level privileges on vulnerable devices.

How the Zero-Day Works

CVE-2024-36971 is categorized as a use-after-free (UAF) vulnerability, a type of memory corruption bug in which code continues to use memory after it has been freed, with unpredictable results that attackers can often turn to malicious ends. In this case, successful exploitation could allow attackers to execute arbitrary code without user interaction, effectively taking complete control of the affected device.

While Google has acknowledged the exploitation of this zero-day, details remain scarce. The company has stated that the attacks appear to be “limited and targeted,” but the specific nature of the threat actors involved and their motivations remain undisclosed.

Android Users Urged to Patch Immediately

In the 2024-08-01 security patch level, a total of 13 high-severity vulnerabilities have been patched in the Android Framework, with 11 leading to the elevation of privilege, one to information disclosure, and one to denial-of-service (DoS). A high-severity vulnerability in the System component has also been addressed.

The second set of patches, arriving as the 2024-08-05 security patch level, includes fixes for 32 vulnerabilities in various components, including Kernel components, Arm components, Imagination Technologies, MediaTek components, Qualcomm components, and Qualcomm closed-source components. Notably, one critical vulnerability (CVE-2024-23350) in Qualcomm closed-source components has been addressed.

Android users are strongly encouraged to apply the 2024-08-01 and 2024-08-05 security patch levels as soon as possible to protect their devices from these threats. With the discovery of active exploitation, delaying updates could expose users to significant security risks.
