Android’s recent security updates have addressed 46 vulnerabilities, including a high-severity remote code execution (RCE) flaw that has been actively exploited in targeted attacks. The critical zero-day vulnerability, designated as CVE-2024-36971, is a use-after-free (UAF) issue found in the Linux kernel’s network route management. This vulnerability requires system execution privileges for successful exploitation and can alter the behavior of certain network connections.
Google has indicated that CVE-2024-36971 might be under limited, targeted exploitation, allowing threat actors to execute arbitrary code without user interaction on unpatched devices. This zero-day was discovered and reported by ClĂ©ment Lecigne, a security researcher from Google’s Threat Analysis Group (TAG).
Despite the active exploitation of this flaw, Google has not yet disclosed detailed information about how the flaw is being exploited or the specific threat actors behind these attacks. TAG researchers frequently uncover and disclose zero-days used in state-sponsored surveillance software attacks targeting high-profile individuals.
Source code patches for these issues are expected to be released to the Android Open Source Project (AOSP) repository within 48 hours from the advisory. Earlier this year, Google patched another zero-day exploited in attacks, tracked as CVE-2024-32896, a high-severity elevation of privilege (EoP) flaw in the Pixel firmware.
Google’s August security updates include two patch levels: 2024-08-01 and 2024-08-05. The latter includes additional patches for third-party closed-source and kernel components, such as a critical vulnerability (CVE-2024-23350) in a Qualcomm closed-source component. Not all Android devices may require the 2024-08-05 patch level, as device vendors might prioritize deploying the initial patch level to streamline updates without necessarily increasing the risk of potential exploitation.
While Google Pixel devices receive these updates immediately after release, other manufacturers may take additional time to roll out patches due to the need for further testing to ensure compatibility with various hardware configurations