Google Patches Zero-Day Android Kernel Flaw Exploited in Targeted Attacks 

• A patch for a high-severity zero-day was released by Google in its latest security advisory.
• The CVE-2024-36971 vulnerability impacted the Android kernel, allowing remote code execution.
• The flaw refers to a weakness in the Linux kernel's network route management. 

Google has addressed a high-severity zero-day vulnerability that impacted the Android kernel that has been actively exploited in the wild in targeted attacks via its August 2024 Android Security Bulletin. The Alphabet-owned company found indications of limited, targeted exploitation of this flaw.

The flaw with Common Vulnerabilities and Exposures (CVE) code CVE-2024-36971 is a Use-After-Free (UAF) weakness in the Linux kernel's network route management that permits Remote Code Execution (RCE). Attackers can exploit it on unpatched devices for arbitrary code execution. 

The latest security bulletin stated that source code patches for these issues have yet to be released to the Android Open Source Project (AOSP) repository.

The bulletin also mentions a severe high-security vulnerability in the Framework component that could lead to local escalation of privilege (EoP) without the need for additional execution privileges.

Recently, Google announced a June 2024 Pixel update bulletin with security vulnerabilities and functional improvements, including EoP, RCE, information disclosure, and denial of service (DDoS), which impact Pixel devices and Qualcomm components. 

One of these was CVE-2024-32896, an actively exploited firmware EoP flaw in Pixel phones. Thankfully, it came with a fix.

Android users have been plagued by various security issues lately. This month, a novel Remote Access Trojan (RAT) was seen infecting Android devices via smishing to steal funds, employing Account Takeover (ATO) via a well-known technique called On Device Fraud (ODF).

An SMS stealer campaign distributed via roughly 2,600 automated Telegram bots infected Android devices in 113 countries, including India, Russia, Brazil, Mexico, the U.S., and more, stealing one-time 2FA passwords (OTPs) for over 600 services. 

Telegram for Android’s now-patched zero-day vulnerability downloaded a malicious APK payload on users’ phones, displaying an Android app as a multimedia preview shared in channels, groups, and chat.