Update Now: Google Patches Critical Zero-Day Vulnerabilities in Android
Google has recently released security updates addressing 51 vulnerabilities in the Android operating system, including two zero-day vulnerabilities currently under active exploitation. These updates are available for Android versions 12, 12L, 13, 14, and 15. Users are advised to update their devices promptly to ensure protection against these security threats.
Key Vulnerabilities Addressed:
1. CVE-2024-43047: A high-severity use-after-free vulnerability in closed-source Qualcomm components within the Android kernel. This flaw could allow an attacker to escalate privileges on targeted devices. Qualcomm disclosed this issue in October 2024, noting its potential for limited, targeted exploitation.
2. CVE-2024-43093: A high-severity escalation of privilege vulnerability impacting the Android Framework and Google Play system updates. This vulnerability is also under limited, targeted exploitation.
3. CVE-2024-43091: A high-severity remote code execution vulnerability in the System component, which could enable an attacker to execute code remotely without additional execution privileges.
4. CVE-2024-38408: The only vulnerability listed as critical in this update, described as a cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. This issue affects Bluetooth technology and has been patched by Qualcomm.
Recommendations for Users:
- Check for Updates: Navigate to your device's settings, typically under "About phone" or "About device," and select "Software updates" to check for new updates. The process may vary slightly depending on the device brand and Android version.
- Verify Patch Level: Ensure your device's security patch level is 2024-11-05 or later to confirm that these vulnerabilities have been addressed.
- Stay Informed: Regularly monitor official channels for security updates and apply them promptly to maintain device security.
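For anyone checking more than one device, the patch-level check above can be scripted. This is an added example, not part of the original article: the function names and sample inventory are constructed for illustration, and `collect_from_adb` assumes `adb` is installed with USB debugging authorised on each device.

```shell
# Added example (not from the article): flag devices below the stated patch level.
REQUIRED_PATCH="2024-11-05"   # threshold stated in the article

# Exit 0 if $1 is YYYY-MM-DD and >= REQUIRED_PATCH, 1 if older, 2 if malformed.
patch_status() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    have=$(printf '%s' "$1" | tr -d '-')
    need=$(printf '%s' "$REQUIRED_PATCH" | tr -d '-')
    [ "$have" -ge "$need" ] || return 1
}

# Read "serial patch_level" lines on stdin, print a verdict per device,
# and return non-zero if any device is outdated or unreadable.
audit_inventory() {
    failures=0
    while read -r serial level; do
        [ -z "$serial" ] && continue
        st=0; patch_status "$level" || st=$?
        case "$st" in
            0) verdict="OK" ;;
            1) verdict="OUTDATED" ;;
            *) verdict="UNKNOWN" ;;
        esac
        [ "$verdict" = "OK" ] || failures=$((failures + 1))
        printf '%s\t%s\t%s\n' "$serial" "${level:-none}" "$verdict"
    done
    [ "$failures" -eq 0 ]
}

# Live source: one line per device adb can reach (assumes adb on PATH and
# USB debugging authorised). Usage: collect_from_adb | audit_inventory
collect_from_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the rest of the serial list
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s %s\n' "$serial" "$level"
    done
}

# Constructed sample inventory; 2024-11-01 is below the 2024-11-05 threshold.
sample_inventory() {
    printf '%s\n' "DEV01 2024-11-05" "DEV02 2024-10-05" "DEV03 2024-11-01" "DEV04 2025-01-01" "DEV05"
}

sample_inventory | audit_inventory || true
```

A device that reports no patch level, or one in an unexpected format, is listed as UNKNOWN and counted as a failure instead of being passed silently.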
Keeping your Android device updated is crucial for protecting against known vulnerabilities and ensuring overall security. For more detailed information, refer to the official announcement by Malwarebytes.