Uncover the latest 46 Vulnerabilities Patched Google’s swift response, Fight Against Android Kernel Zero-Day Exploit!

Continue reading
This recent Android security updates have drawn significant attention. These updates have addressed a total of 46 vulnerabilities, including a high-severity Remote Code Execution (RCE) exploit that has been used in targeted attacks.
The zero-day exploit, officially identified as CVE-2024-36971, is a 'Use After Free' (UAF) vulnerability present in the Linux kernel's network route management. This exploit requires system execution privileges for successful exploitation and can alter the behavior of certain network connections.
This exploit was particularly alarming due to its high-severity nature. It allowed for Remote Code Execution (RCE), which means that an attacker could potentially run arbitrary code on a victim’s device without their knowledge.
This could lead to a range of malicious activities, from data theft to the installation of unwanted software that could be malicious.
Google has indicated that CVE-2024-36971 may be under limited, targeted exploitation. This suggests that threat actors could potentially exploit this vulnerability to execute arbitrary code without user interaction on unpatched devices.
The zero-day vulnerability was discovered and reported by Clément Lecigne, a security researcher from Google's Threat Analysis Group (TAG).
Although Google has not yet provided specific details about the exploitation of the flaw or the threat actor behind the attacks, Google TAG security researchers frequently identify and disclose zero-days used in state-sponsored surveillance software attacks targeting high-profile individuals.
In response to this threat, Google has announced that source code patches for these issues will be released to the Android Open Source Project (AOSP) repository within the next 48 hours.
Earlier this year, Google patched another zero-day exploit used in attacks: a high-severity Elevation of Privilege (EoP) flaw in the Pixel firmware, tracked as CVE-2024-32896 by Google and CVE-2024-29748 by GrapheneOS.
Forensic companies exploited this vulnerability to unlock Android devices without a PIN and gain access to the stored data.
Google has released two patch sets for the August security updates: the 2024-08-01 and 2024-08-05 security patch levels. The latter includes all the security fixes from the first set and additional patches for third-party closed-source and Kernel components, like a critical vulnerability (CVE-2024-23350) in a Qualcomm closed-source component.
Not all Android devices might need security vulnerabilities that apply to the 2024-08-05 patch level. Device vendors may prioritize deploying the initial patch level to streamline the update process. However, this does not necessarily indicate an increased risk of potential exploitation.
It's important to note that while Google Pixel devices receive monthly security updates immediately after release, other manufacturers may require some time before rolling out the latest security patches.
The delay is necessary for additional testing of the security patches to ensure compatibility with various hardware configurations.

Splunk disclosed CVE-2026-20253, a critical pre-auth RCE flaw in Splunk Enterprise (CVSS 9.8) from insecure MongoDB defaults. Patches released; upgrade to 9.1.8, 9.2.5, or 9.3.2.