Security News > 2024 > November > Google patches actively exploited Android vulnerability (CVE-2024-43093)

Google patches actively exploited Android vulnerability (CVE-2024-43093)
2024-11-05 11:18

Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework. The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093) Qualcomm patched CVE-2024-43047 – a use-after-free vulnerability in the Digital Signal Processor (DSP) service that could be exploited to escalate privileges on targeted devices – in October 2024, and urged original equipment manufacturers (OEMs) to deploy the patches … More → The post Google patches actively exploited Android vulnerability (CVE-2024-43093) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/11/05/cve-2024-43093/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-11-13 CVE-2024-43093 Unspecified vulnerability in Google Android
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization.
local
low complexity
google
7.8
2024-10-07 CVE-2024-43047 Use After Free vulnerability in Qualcomm products
Memory corruption while maintaining memory maps of HLOS memory.
local
low complexity
qualcomm CWE-416
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 994 4925 2877 1623 10419
Android 4 0 17 2 0 19