Security News > 2024 > August > Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google Patches New Android Kernel Vulnerability Exploited in the Wild
2024-08-06 06:12

Google has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild.

That said, Clement Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw, suggesting that it's likely being exploited by commercial spyware vendors to infiltrate Android devices in narrowly targeted attacks.

Also resolved by Google are 12 privilege escalation flaws, one information disclosure bug, and one denial-of-service flaw impacting the Android Framework.

Google subsequently told The Hacker News that the issue's impact goes beyond Pixel devices to include the broader Android platform and that it's working with OEM partners to apply the fixes where applicable.

Previously, the company also closed out two security flaws in the bootloader and firmware components that were weaponized by forensic companies to steal sensitive data.

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency added CVE-2018-0824, a remote code execution flaw impacting Microsoft COM for Windows to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply fixes by August 26, 2024.


News URL

https://thehackernews.com/2024/08/google-patches-new-android-kernel.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-05-09 CVE-2018-0824 Deserialization of Untrusted Data vulnerability in Microsoft products
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
network
low complexity
microsoft CWE-502
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995
Kernel 3 0 7 4 1 12