Security News > 2024 > November > Google patches actively exploited Android vulnerability (CVE-2024-43093)
Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework. The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093) Qualcomm patched CVE-2024-43047 – a use-after-free vulnerability in the Digital Signal Processor (DSP) service that could be exploited to escalate privileges on targeted devices – in October 2024, and urged original equipment manufacturers (OEMs) to deploy the patches … More → The post Google patches actively exploited Android vulnerability (CVE-2024-43093) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/05/cve-2024-43093/
Related news
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-13 | CVE-2024-43093 | Unspecified vulnerability in Google Android In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. | 7.8 |
| 2024-10-07 | CVE-2024-43047 | Use After Free vulnerability in Qualcomm products Memory corruption while maintaining memory maps of HLOS memory. | 7.8 |