Security News > 2024 > November > Google patches actively exploited Android vulnerability (CVE-2024-43093)
Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework. The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093) Qualcomm patched CVE-2024-43047 – a use-after-free vulnerability in the Digital Signal Processor (DSP) service that could be exploited to escalate privileges on targeted devices – in October 2024, and urged original equipment manufacturers (OEMs) to deploy the patches … More → The post Google patches actively exploited Android vulnerability (CVE-2024-43093) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/11/05/cve-2024-43093/
Related news
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google OAuth Vulnerability Exposes Millions via Failed Startup Domains (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-13 | CVE-2024-43093 | Unspecified vulnerability in Google Android In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. | 7.8 |
| 2024-10-07 | CVE-2024-43047 | Use After Free vulnerability in Qualcomm products Memory corruption while maintaining memory maps of HLOS memory. | 7.8 |