Google has launched its month-to-month safety updates for the Android working system to handle a recognized safety flaw that it stated has come underneath lively exploitation within the wild.
The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS rating: 7.8), pertains to a case of privilege escalation within the Android Framework element.
In accordance with the description of the bug within the NIST Nationwide Vulnerability Database (NVD), it considerations a logic error that might result in native escalation of privileges with out requiring any extra execution privileges.
“There are indications that CVE-2024-32896 may be under limited, targeted exploitation,” Google stated in its Android Safety Bulletin for September 2024.
It is price noting that CVE-2024-32896 was first disclosed in June 2024 as impacting solely the Google-owned Pixel lineup.
There are at present no particulars on how the vulnerability is being exploited within the wild, though GrapheneOS maintainers revealed that CVE-2024-32896 plugs a partial answer for CVE-2024-29748, one other Android flaw that has been weaponized by forensic firms.
Google later confirmed to The Hacker Information that the influence of CVE-2024-32896 goes past Pixel gadgets to incorporate your complete Android ecosystem and that it is working with unique gear producers (OEMs) to use the fixes the place relevant.
“This vulnerability requires physical access to the device to exploit and interrupts the factory reset process,” Google famous on the time. “Additional exploits would be needed to compromise the device.”
“We are prioritizing applicable fixes for other Android OEM partners and will roll them out as soon as they are available. As a best security practice, users should always update their devices whenever there are new security updates available.”
