Google Addresses Actively Exploited Android Flaw: Releases Monthly Security Update

September 4, 2024

Google has released its regular security updates for the Android operating system, addressing a critical vulnerability that is currently being exploited in the wild. The vulnerability, tracked as CVE-2024-32896, has a CVSS score of 7.8 and involves privilege escalation in the Android Framework component. The National Institute of Standards and Technology's National Vulnerability Database (NVD) describes the bug as a logic error that could allow local escalation of privileges without the need for extra execution privileges.

Google's Android Security Bulletin for September 2024 states, "There are indications that CVE-2024-32896 may be under limited, targeted exploitation." The vulnerability was initially disclosed in June 2024 as exclusively affecting Google's Pixel devices. However, details about how the vulnerability is being actively exploited remain undisclosed.

According to the maintainers of GrapheneOS, the patch for CVE-2024-32896 is a partial fix for another Android flaw, CVE-2024-29748, which has been weaponized by forensic firms. Google later confirmed that the impact of CVE-2024-32896 extends beyond Pixel devices and encompasses the entire Android ecosystem. The company is now collaborating with original equipment manufacturers (OEMs) to implement the fixes where needed.

Google noted, "This vulnerability requires physical access to the device to exploit and interrupts the factory reset process," adding that "Additional exploits would be needed to compromise the device." Google is prioritizing the development of fixes for other Android OEM partners and plans to release them as soon as they are ready. Google also advised users to update their devices whenever new security updates become available, as a security best practice.
