Google has disclosed an actively exploited zero-day vulnerability in the Android operating system, which is leveraged for remote code execution. The flaw, found in the Linux kernel component used by Android devices, was disclosed in Google's latest Android Security Bulletin for August 2024.
In addition to the actively exploited zero-day vulnerability, tracked as CVE-2024-36971, Android's latest security update addresses several other significant vulnerabilities including high-severity elevation of privilege (EoP) vulnerabilities within the Android Framework (e.g., CVE-2023-20971 and CVE-2024-34731), a remote information disclosure (ID) issue in the System component (CVE-2024-34727), and numerous high-severity flaws in components from Arm, Imagination Technologies, MediaTek, and Qualcomm.
Discovery and details
The vulnerability was discovered by Clement Lecigne, a security researcher who identified the improper handling of Reference Counted Unit (RCU) rules in the __dst_negative_advice() function of the Linux kernel. The issue arises when sk->dst_cache is not cleared correctly, potentially leading to a use-after-free (UAF) condition. This flaw became apparent following a specific commit that altered the behavior of UDP sockets.
Google's Android security team released the security bulletin alerting partners about the vulnerability and indicating that exploitation of CVE-2024-36971 has already been observed in limited, targeted attacks.
The flaw impacts multiple versions of the Android operating system, including 12, 12L, 13, and 14, potentially affecting millions of devices worldwide. Given the nature of the vulnerability and the active exploitation in the wild, users are urged to update their devices to the latest security patch levels immediately.
Google has implemented several mitigations to reduce the likelihood of successful exploitation. These include enhancements in newer Android versions and continuous monitoring for abuse through Google Play Protect. Google Play Protect is enabled by default on devices with Google Mobile Services, providing an additional layer of security by scanning apps and warning users about potentially harmful applications.
Recommendations
To protect against potential exploitation, users should:
- Ensure your Android device is updated to the latest security patch level (2024-08-05 or later).
- Keep Google Play Protect enabled to benefit from real-time scanning and protection.
- Only install apps from trusted sources such as the Google Play Store to minimize the risk of downloading malicious applications.
- Stay vigilant for additional security updates from device manufacturers and apply them promptly.
To update your Android device, head to Settings > Security & privacy > System & updates > Security update, and tap the 'Check for update' button to fetch the latest update. Depending on your OEM and carrier, delivery of the latest patches for your model may be delayed.
Android devices that no longer receive security updates from their OEMs should either be replaced with new models that are actively supported or moved to a third-party Android distribution that incorporates the latest security fixes.
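The recommendations above come down to one check a defender can automate across a fleet: is each device's security patch level at or past 2024-08-05? The following POSIX shell script is an added example, not code from the article or from Google. It assumes the device exposes its patch level through the standard Android system property ro.build.version.security_patch (readable with `adb shell getprop`), and the inventory it runs against is a constructed sample, not real devices.

```shell
#!/bin/sh
# Added example (not from the article): fleet check against the patch level
# the August 2024 bulletin calls for. Android reports the patch level as the
# property ro.build.version.security_patch in YYYY-MM-DD form, so once the
# hyphens are removed the comparison is a plain numeric one.

REQUIRED_PATCH_LEVEL="2024-08-05"   # level named in the bulletin

# patch_level_ok LEVEL
# Exit status 0 when LEVEL is a well-formed YYYY-MM-DD date at or after
# REQUIRED_PATCH_LEVEL; 1 when it is older, empty or malformed. An unknown
# or garbled level is deliberately treated as "not patched".
patch_level_ok() {
    level=$1
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    have=$(printf '%s' "$level" | sed 's/-//g')
    need=$(printf '%s' "$REQUIRED_PATCH_LEVEL" | sed 's/-//g')
    [ "$have" -ge "$need" ]
}

# device_patch_level
# Query an attached device over adb. Prints the level, or nothing (exit 1)
# when adb or a device is unavailable, so it slots into report_inventory
# as "<id> $(device_patch_level)".
device_patch_level() {
    command -v adb >/dev/null 2>&1 || return 1
    adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r'
}

# report_inventory
# Reads "<device-id> <patch-level>" lines on stdin, prints one status line
# per device, and prints the number of devices needing an update as the
# final line. A device with no level recorded is reported as needing one.
report_inventory() {
    outdated=0
    while read -r id level; do
        [ -n "$id" ] || continue
        if patch_level_ok "$level"; then
            printf '%s\tOK\t%s\n' "$id" "$level"
        else
            printf '%s\tUPDATE\t%s\n' "$id" "${level:-unknown}"
            outdated=$((outdated + 1))
        fi
    done
    printf '%s\n' "$outdated"
}

# Constructed sample inventory (hypothetical device ids and levels).
SAMPLE_INVENTORY='pixel-lab-01 2024-08-05
tablet-lab-02 2024-07-05
phone-lab-03 2024-09-05
kiosk-lab-04'

# Run against the sample when executed directly; the last line printed is
# the count of devices still on a pre-bulletin level (2 for this sample).
printf '%s\n' "$SAMPLE_INVENTORY" | report_inventory
```

The check treats a missing or unparsable level as a failure rather than a pass, which is the safe direction for an inventory: a device that cannot report its patch level should be looked at, not assumed current. Because patch levels are ISO dates, the same function works unchanged for later bulletins by editing REQUIRED_PATCH_LEVEL.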