Android Users Advised to Install Latest Security Patches to Address Actively Exploited Vulnerability
Google has rolled out its monthly security updates for the Android operating system to fix a known security vulnerability that has been actively exploited in the wild.
The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), is a case of privilege escalation in the Android Framework component.
According to the flaw's description in the NIST National Vulnerability Database (NVD), it stems from a logic error that could lead to local privilege escalation with no additional execution privileges needed.
“There are indications that CVE-2024-32896 might be subject to limited, targeted exploitation,” Google stated in the Android Security Bulletin for September 2024.
Notably, CVE-2024-32896 was initially disclosed in June 2024 as affecting only the Google-owned Pixel series.
There is currently no specific information on how the vulnerability is being exploited in the wild, but GrapheneOS maintainers disclosed that the fix for CVE-2024-32896 addresses what had been only a partial solution for CVE-2024-29748, another Android weakness that has been weaponized by forensic firms.
Google subsequently confirmed to The Hacker News that the impact of CVE-2024-32896 extends beyond Pixel devices to encompass the entire Android ecosystem and that it is collaborating with original equipment manufacturers (OEMs) to implement the necessary patches where applicable.

“This vulnerability necessitates physical access to the device for exploitation and disrupts the factory reset process,” Google pointed out previously. “Additional exploits would be required to compromise the device.”
“We are prioritizing relevant fixes for other Android OEM partners and will deploy them as soon as they are ready. As a top security measure, users should regularly update their devices whenever new security patches are released.”

