Google Releases August 2024 Android Security Update to Fix Kernel Vulnerability Exploited by Hackers

Today, Google released the Android operating system's August 2024 routine security update, which fixes a total of 46 security vulnerabilities, including a remote code execution (RCE) vulnerability that has been actively exploited by hackers.

This vulnerability, identified as CVE-2024-36971, is a Use-After-Free vulnerability in the Linux Kernel's network route management. Successful exploitation of this vulnerability could grant system permissions and alter certain network connections.

The vulnerability was first discovered by Clément Lecigne, a security researcher with Google's Threat Analysis Group (TAG), and was reported on May 28. Essentially, this vulnerability is a race condition issue within the Linux Kernel.

Google has expressed concern over indications that the vulnerability may have been exploited in limited, targeted attacks, allowing hackers to execute arbitrary code on unpatched devices without any user interaction.

For security reasons, Google has not yet released more details about this vulnerability (though there is already quite a bit of information available on the Linux Kernel), but a security patch is expected to be released to the Android Open Source Project (AOSP) repository within the next 48 hours.

Other OEMs will need to quickly obtain the latest patches from AOSP and adapt and test them accordingly. Users will have to wait for their OEM to adapt and release security updates to address this vulnerability.

The vulnerabilities discovered by the TAG are typically associated with state-sponsored hacker attacks, implying that hackers supported by nations or nationalist groups may be exploiting this vulnerability to target specific users.

These attacks are not usually launched on a wide scale like those by ordinary hackers but are quietly exploited to target specific victims to avoid detection and the subsequent patching of the vulnerability. Such no-interaction-required, remote code execution vulnerabilities are highly valuable, and their patching represents a significant loss to hackers.

Android(64)AOSP(2)RCE(3)Remote code execution(2)Vulnerabilities(8)

Copyright Notice:
Thank you for reading. This article was written by Landian News, and the author is Brook.X. If you wish to repost this article, please include a link to the original: https://landian.news/article/2972.html

{{userData.name}}

Google Releases August 2024 Android Security Update to Fix Kernel Vulnerability Exploited by Hackers

Windows high-risk security vulnerability CVE-2024-38077 PoC released IT administrators should ensure all machines are updated

Google Enhances Security: New Anti-Theft Lockdown for Android 10+ Devices

Google releases Android 15 QPR2, bringing Linux kernel updates to devices using Tensor

Kraken Crypto Exchange Hit by Exploitation and Extortion from Security Firm CertiK

Microsoft Releases Windows 11 Android Subsystem Update 2407, Potentially One of Its Last

Elevating the Smart TV Experience: Android 14 TV Now Official

After a Decade, Google Finally Pulls the Plug on the Iconic Google Now Launcher

Dr.Web Discovers Android.Vo1d Virus Targeting Android Set-Top Boxes, Over 1.3 Million Devices Infected

Google has recently ceased generating fat APKs for applications, now only offering AAB packages, which could impact user sideloading installations.

Windows TCP/IP Vulnerability Draws Industry Attention: Remote Code Execution Possible with Specially Crafted IPv6 Packets

MAS v2.8: The Ultimate Free Activation Script for Windows & Office

Arc Browser Halts Development: What's Next for The Browser Company?

Microsoft Once Again Delays the Launch of Windows Recall, Citing the Need for Further Refinement

Apple No Longer Requires Developers to Be in the EU for Debugging iOS Alternative Browser Engines/NFC, etc.

OpenAI's ChatGPT for Windows/Mac Client Introduces Advanced Real-Time Voice Features

Linux Kernel Project Removes Entries of Several Russian Contributors Due to "Compliance Requirements"

Apple Allows EU Users to Delete Core Apps Like App Store and Photos in iOS 18.2

Apple Blocks Methods to Bypass AI Restrictions in iOS 18.2 Beta 3, Including Nugget Software