
Google has released patches for 46 bugs affecting its Android operating system in its August 2024 security update. These include an actively exploited vulnerability, tracked as CVE-2024-36971, that affects the mobile operating system’s kernel, the central brain of the software.
Exploiting the flaw allows a threat actor to remotely execute code with system privileges, paving the way for an Android device to be made to download and install malware. Specifically, the flaw pertains to a kernel function called “__dst_negative_advice(),” which wasn’t enforcing a synchronization mechanism called Read-Copy Update (RCU), leading to a use-after-free vulnerability.
Google hasn’t disclosed more details about the zero-day flaw since it’s under active exploitation. The company credited security researcher Clément Lecigne.
Other severe vulnerabilities included in the latest monthly update are 11 framework vulnerabilities leading to escalation of privileges and a Qualcomm vulnerability considered to be critical by Google due to its potential impact on Android devices.
This Qualcomm flaw, tracked as CVE-2024-23350, can lead to a permanent denial-of-service if a specific combination of network message payloads is received by the device.
To protect users, Google is releasing the patch in the 2024-08-05 August security update, which the company has begun distributing to Android vendors.


