Google also suggested one of the two security flaws was a zero-click vulnerability, which means user interaction was not required to compromise the security of a targeted device.
Google has released fixes for two security bugs in Android devices that were found to have been actively exploited, which means that hackers used these vulnerabilities to gain access to Android systems.
The security flaws “may be under limited, targeted exploitation,” Google said in a security bulletin published on the Android blog on Monday, April 7.
Because the hackers may have exploited the Android security bugs before developers knew about them and released patches, the attack could be termed a zero-day attack. Google also suggested that one of the two security flaws was a zero-click vulnerability, meaning that user interaction was not required to compromise the security of targeted Android devices.
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed,” the security bulletin read.
Google further said that source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. Android partners are generally notified of all such issues at least a month before a security bulletin is released, it added.
One of the two zero-day security flaws, tracked as ‘CVE-2024-53150’, was first identified by global non-profit Amnesty International in collaboration with Google’s Threat Analysis Group (TAG).
The second zero-day security flaw, tracked as ‘CVE-2024-53197’, was also flagged by Google’s security team, which primarily monitors State-backed cyberattacks. This vulnerability was reportedly found in the kernel, or core, of the Android operating system.
In February this year, Amnesty International released a report which found that Israeli forensic software vendor Cellebrite had allegedly exploited three zero-day vulnerabilities to hack into Android phones. It is worth noting that Cellebrite’s customers include law enforcement authorities looking to use the company’s tools to unlock and forensically analyse devices confiscated in connection with their investigations.
CISO Frontiers.© All Rights Reserved.