Google Releases August 2024 Android Security Update to Fix Kernel Vulnerability Exploited by Hackers
Today, Google released the Android operating system's August 2024 routine security update, which fixes a total of 46 security vulnerabilities, including a remote code execution (RCE) vulnerability that has been actively exploited by hackers.
This vulnerability, identified as CVE-2024-36971, is a use-after-free (UAF) vulnerability in the Linux kernel's network route management. Successful exploitation could grant an attacker system permissions and allow them to alter certain network connections.
The vulnerability was first discovered by Clément Lecigne, a security researcher with Google's Threat Analysis Group (TAG), and was reported on May 28. At its core, the vulnerability is a race condition in the Linux kernel.
Google has expressed concern over indications that the vulnerability may have been exploited in limited, targeted attacks, allowing hackers to execute arbitrary code on unpatched devices without any user interaction.
For security reasons, Google has not yet released more details about this vulnerability (though quite a bit of information is already available on the Linux kernel side), but a security patch is expected to be released to the Android Open Source Project (AOSP) repository within the next 48 hours.
Other OEMs will need to quickly obtain the latest patches from AOSP and adapt and test them accordingly. Users will have to wait for their OEM to adapt and release security updates to address this vulnerability.
Vulnerabilities discovered by TAG are typically associated with state-sponsored hacker attacks, implying that hackers supported by nations or nationalist groups may be exploiting this vulnerability to target specific users.
Such attacks are usually not launched on a wide scale like those of ordinary hackers. Instead, the vulnerability is quietly used against specific victims to avoid detection and the subsequent patching of the vulnerability. Remote code execution vulnerabilities that require no user interaction are highly valuable, and their patching represents a significant loss to hackers.