On Monday, Google released a significant update for Android, addressing two zero-day vulnerabilities that have been subject to limited, targeted exploitation. This highlights the ongoing risks faced by Android users, as hackers may have already exploited these flaws to compromise devices.
One of the vulnerabilities, identified as CVE-2024-53197, was discovered by Amnesty International in collaboration with Benoît Sevens from Google’s Threat Analysis Group, which monitors state-sponsored cyberattacks. In February, Amnesty revealed that the Israeli company Cellebrite, known for its phone unlocking and forensic analysis devices used by law enforcement, had exploited a series of vulnerabilities to access Android devices. This particular flaw was reportedly used against a Serbian student activist by local authorities using Cellebrite’s technology.
The second vulnerability, tracked as CVE-2024-53150, is less understood but has also been linked to Google’s Sevens. This flaw was located in the operating system kernel, which is crucial to Android’s functionality. Google has described the first vulnerability as critical, allowing for remote escalation of privileges without the need for user interaction, making it particularly dangerous.
Despite the urgency, Google has not provided extensive details on either flaw but mentioned that source code patches for both vulnerabilities will be released within 48 hours of the advisory. Furthermore, Android manufacturers are informed of security issues at least a month in advance of public disclosure, which means they are tasked with rolling out patches to their users due to the platform’s open-source nature.
Amnesty International’s spokesperson, Hajira Maryam, indicated that the organization currently has no further information to share. Given the implications of these vulnerabilities, users are encouraged to stay updated on security patches to safeguard their devices.
In summary, these developments underscore the critical need for Android users to remain vigilant and ensure their devices are up to date with the latest security enhancements to mitigate the risks associated with these vulnerabilities.
Fanpage:Â TechArena.au
Watch more about AI – Artificial Intelligence
