Google Patches Actively Exploited Zero-Day in September Android Update
Google’s September 2024 Android security patch addresses 36 vulnerabilities, one of which has already been exploited in active targeted attacks. The zero-day flaw, tracked as CVE-2024-32896 (CVSS score of 7.8), was found to be a high-severity Elevation of Privilege (EoP) vulnerability. This vulnerability is especially concerning because it has been actively exploited by malicious actors, as confirmed by both Google and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
CVE-2024-32896 is caused by a logic error in the Android code, allowing for local escalation of privilege without requiring additional execution privileges. The vulnerability requires some degree of user interaction to be exploited, but its ability to bypass security checks makes it particularly dangerous. Attackers could leverage this flaw to gain elevated permissions on an Android device, leading to unauthorized access to sensitive data or control over key functions.
The exploitation of this vulnerability has already been observed in highly targeted attacks, raising alarms about its potential for widespread use. According to Google, “There are indications that CVE-2024-32896 may be under limited, targeted exploitation.” This suggests that cybercriminals, as well as forensic companies, have been using this flaw to unlock Android devices without a PIN, gaining access to personal data stored on the device.
As a result of these findings, CISA added CVE-2024-32896 to its Known Exploited Vulnerabilities Catalog, urging organizations and individuals to ensure that their devices are updated promptly to avoid falling victim to such attacks.
In response to the exploitation of CVE-2024-32896, Google has released two patch sets for Android devices as part of the September 2024 security updates: 2024-09-01 and 2024-09-05 security patch levels. The first patch set addresses general vulnerabilities in Android’s framework, system, and kernel components, while the second patch set adds fixes for additional vulnerabilities, including those in third-party closed-source components such as Qualcomm chipsets.
Among the additional fixes in the 2024-09-05 patch level are patches for two critical vulnerabilities in Qualcomm components, tracked as CVE-2024-33042 and CVE-2024-33052. Left unpatched, these flaws pose serious risks to devices running on Qualcomm chips. Exploiting them could allow attackers to compromise a device’s core functionalities or gain unauthorized access to sensitive data.
For Pixel device users, CVE-2024-32896 was already patched in the June 2024 Security Patch, offering relief to those using Google’s flagship Android devices. However, users of other Android devices are strongly encouraged to apply the September patch as soon as possible to mitigate the risk posed by this zero-day flaw.
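To triage a device fleet against the patch levels described above, the following added example (not part of the original article or Google's bulletin) classifies devices by the patch level string Android reports in the ro.build.version.security_patch property. It assumes the CVE-2024-32896 fix is included from the 2024-09-01 level, that Pixel devices report the manufacturer "Google" and carry the fix from any June 2024 level onward, and it runs on a constructed inventory.

```python
from datetime import date

# Patch levels named in the article. Assumption: the CVE-2024-32896 fix ships
# with the 2024-09-01 level; the Qualcomm fixes need 2024-09-05.
FIRST_SET = date(2024, 9, 1)
FULL_SET = date(2024, 9, 5)
PIXEL_JUNE = date(2024, 6, 1)  # assumption: any June 2024 Pixel level counts

def parse_level(text):
    """Parse a YYYY-MM-DD patch level; return None if it is malformed."""
    try:
        return date.fromisoformat(text.strip())
    except ValueError:
        return None

def assess(manufacturer, patch_level):
    """Return (zero_day_patched, qualcomm_fixes_present), or None if unknown."""
    level = parse_level(patch_level)
    if level is None:
        return None
    is_pixel = manufacturer.strip().lower() == "google"
    zero_day = level >= FIRST_SET or (is_pixel and level >= PIXEL_JUNE)
    return zero_day, level >= FULL_SET

def triage(inventory_csv):
    """Map each serial to 'ok', 'partial', 'vulnerable' or 'unknown'."""
    result = {}
    for line in inventory_csv.strip().splitlines():
        serial, manufacturer, patch = [f.strip() for f in line.split(",")]
        status = assess(manufacturer, patch)
        if status is None:
            result[serial] = "unknown"      # patch level missing or unparsable
        elif status == (True, True):
            result[serial] = "ok"
        elif status[0]:
            result[serial] = "partial"      # zero-day fixed, 2024-09-05 fixes missing
        else:
            result[serial] = "vulnerable"   # CVE-2024-32896 still unpatched
    return result

# Constructed sample inventory: serial, manufacturer, security patch level
SAMPLE = """
A1,samsung,2024-08-01
B2,Google,2024-06-05
C3,xiaomi,2024-09-01
D4,motorola,2024-09-05
E5,oneplus,unknown
"""

if __name__ == "__main__":
    for serial, verdict in triage(SAMPLE).items():
        print(serial, verdict)
```

Devices reported as "unknown" should be treated as unpatched until their patch level is confirmed.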