In August 2024, the developers of the Android mobile operating system released safety updates, addressing 46 issues, including a serious remote code vulnerability that could be exploited in targeted attacks.
The vulnerability, identified as CVE-2024-36971, involves a memory error known as Use-After-Free (UAF) in managing network routes in the Linux kernel. Successful exploitation of this vulnerability requires system-level privileges, enabling attackers to manipulate specific network connections.
Google has revealed that there are indications of limited targeted exploitation of CVE-2024-36971, allowing threat actors to execute malicious code without user interaction on certain unsupported devices.
While specific details about the exploitation methods and perpetrators behind the attacks have not been disclosed by Google, such vulnerabilities are often leveraged by state-sponsored APT hackers for high-profile attacks.
“The source code fixes for these issues will be published in the Android Open Source Project (AOSP) repository within the next 48 hours,” stated the developers. Android partners were informed about these identified issues at least a month prior to the release of the patch bulletin.
Earlier this year, Google addressed another zero-day vulnerability that was actively exploited in the wild. This privilege escalation vulnerability in Pixel firmware had been exploited by forensic companies to bypass Android device lockscreens and access sensitive data.
For the August Security Update, Google issued two patch sets: security levels 2024-08-01 and 2024-08-05. The latter includes all fixes from the first set and additional patches for closed components from third-party manufacturers and kernels, such as a critical vulnerability (CVE-2024-23350) in a Qualcomm closed component.
It is important to note that not all Android devices require the patches included in patch level 2024-08-05. Device manufacturers may prioritize the initial patch level to streamline the update process, which does not necessarily imply an increased risk of exploitation.
Google Pixel devices receive monthly security updates immediately upon release, while other manufacturers may take time to test and deploy patches to ensure compatibility with their devices’ hardware configurations.