Google Patches Actively Exploited Android Kernel Zero-Day


The Android Security Bulletin for August 2024 details vulnerabilities addressed by the 2024-08-05 security patch level. 

The most critical issue is a high-severity vulnerability in the Framework component, which could potentially allow local privilege escalation without additional execution privileges. 


Android partners were notified a month before, and source code patches will be released to the Android Open Source Project (AOSP) repository within 48 hours. 

Researchers at Google patched the actively exploited Android kernel zero-day in the company's latest security update. The vulnerability is tracked as CVE-2024-36971.


This vulnerability is a use-after-free (UAF) security flaw. The bulletin highlights the role of Android security platform protections and Google Play Protect in mitigating these vulnerabilities, noting that severity assessments assume these safeguards are disabled or bypassed.

Android Kernel Zero-Day Patched

The Linux kernel's network route management system has a serious use-after-free (UAF) vulnerability, tracked as CVE-2024-36971.

The flaw can allow attackers with System execution privileges to execute arbitrary code on unpatched devices without user interaction.

Such code could change the way network connections are made. Google affirmed there is evidence that the flaw has been exploited in limited, targeted attacks, so users should not downplay its seriousness.

It threatens system integrity and network security because it may enable stealthy attacks, although exploitation requires elevated privileges.

Google’s TAG security researcher, Clement Lecigne, discovered and reported this critical security flaw.

While TAG has yet to reveal the particular tactics employed or the actors behind the exploitation, the disclosure is consistent with its ongoing efforts to uncover zero-day threats.

Vulnerabilities of this type are commonly used in attacks by state-sponsored surveillance operations, which usually target high-profile individuals such as political leaders, human rights campaigners, or journalists.

TAG's work exposes these dangers and helps protect vulnerable device users globally.

Google issued two Android security patch sets for August 2024.

The latter incorporates all fixes, plus additional patches for third-party closed-source and Kernel components, including a critical Qualcomm vulnerability. 

While Google Pixel devices receive immediate updates, other manufacturers may delay the rollout to conduct compatibility testing across diverse hardware configurations. 

This delay, however, doesn’t necessarily elevate the exploitation risks. Besides this, not all devices require the full 2024-08-05 patch level, allowing vendors to prioritize the initial patch for streamlined updates.

Mitigations

The recommended mitigations are:

  • Update to the latest Android version to enhance security.
  • Rely on Google Play Protect for monitoring and warnings against harmful apps.
  • Ensure Google Play Protect is enabled, especially if installing apps from outside Google Play.
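To confirm that the first mitigation has actually landed across a set of devices, the reported security patch level can be compared against 2024-08-05, the level this article says carries the kernel component fixes. The following is an added example, not code from Google or the bulletin. It assumes each device's level was collected beforehand from the `ro.build.version.security_patch` system property (for instance with `adb shell getprop ro.build.version.security_patch`); the inventory format and device names are constructed.

```python
import re
from datetime import date

# Patch level named in the article as including the kernel component fixes.
REQUIRED_LEVEL = date(2024, 8, 5)
_LEVEL_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")

def parse_patch_level(value):
    """Return a date for a 'YYYY-MM-DD' patch level string, or None if malformed."""
    match = _LEVEL_RE.match(value.strip())
    if not match:
        return None
    try:
        return date(*map(int, match.groups()))
    except ValueError:  # syntactically valid but impossible date, e.g. month 13
        return None

def classify(value, required=REQUIRED_LEVEL):
    """'covered' if the level is at or past the required one, else 'needs-update'."""
    level = parse_patch_level(value)
    if level is None:
        return "unknown"  # treat unreadable values as unverified, never as patched
    return "covered" if level >= required else "needs-update"

def audit(inventory_text):
    """Map each device in '<device-id>,<patch level>' lines to its status."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        device, _, level = line.partition(",")
        results[device.strip()] = classify(level)
    return results

# Constructed sample inventory (hypothetical device names and values).
SAMPLE = """\
# device-id,security patch level
pixel-lab-01,2024-08-05
tablet-07,2024-08-01
kiosk-12,2024-06-05
legacy-03,
phone-22,2024-09-01
"""

if __name__ == "__main__":
    for device, status in audit(SAMPLE).items():
        print(f"{device:14} {status}")
```

Devices reported as `unknown` should be followed up manually rather than assumed safe.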
