Google Releases Security Patches to Fix Two Zero-Day Vulnerabilities in Android System Possibly Exploited by Spyware
In its latest Android monthly security update, Google has addressed 51 security vulnerabilities, including two that may have been exploited by spyware.
The two exploited vulnerabilities are identified as CVE-2024-43047 and CVE-2024-43093, which Google says have been used in limited, targeted attacks.
CVE-2024-43047 is a use-after-free vulnerability in a proprietary Qualcomm component of the Android kernel that could allow an attacker to elevate privileges. Qualcomm disclosed the flaw in October; it lies in Qualcomm's Digital Signal Processor (DSP) component.
CVE-2024-43093 is a second critical privilege-escalation vulnerability, affecting Android Framework components and Google Play system updates, specifically the Documents UI.
Google has not disclosed specifics of the attacks. However, the discoverer of CVE-2024-43047 believes the vulnerability may have been exploited by spyware to target specific users for espionage.
Of the remaining 49 vulnerabilities, only CVE-2024-38408 is rated critical; it also stems from a proprietary Qualcomm component. The rest are of medium or low severity, and there is currently no evidence that any of them has been exploited in the wild.
Note that Google's security updates are available only for Android 12 through 15; Android 11 and earlier no longer receive security updates, although in some cases Google may mitigate such vulnerabilities through Google Play Protect.
Users on Android 11 and earlier will therefore find their devices increasingly exposed to exploitation over time. Even users on Android 12 to 15 are at risk, as some OEMs are slow to adopt security patches or may not ship updates at all.