Google’s November 2024 Android security update has introduced critical fixes for two security vulnerabilities, CVE-2024-43047 and CVE-2024-43093, which have been actively exploited in targeted attacks. Both flaws were rated high severity and required immediate attention due to their exploitation status. Impacted users should update to the security patch level 2024-11-05 to stay protected.
Details on actively exploited vulnerabilities
The first vulnerability, CVE-2024-43047, is a kernel-related flaw specifically affecting Qualcomm components, primarily in the FASTRPC driver. This component, used in Android’s DSP (Digital Signal Processor) infrastructure, contains a use-after-free (UAF) issue. This flaw allows an attacker to execute code with elevated privileges, opening the door for potential data access or control over the device. Google’s Threat Analysis Group (TAG) previously flagged CVE-2024-43047 as under limited, targeted exploitation, underscoring the urgency of its patch. Qualcomm had issued guidance to OEMs with a recommendation to prioritize patch deployment on affected devices.
Further details revealed that the issue stems from the DSP kernel’s put_args function, where a UAF condition arises due to mismanagement of unused DMA (Direct Memory Access) handle file descriptors (FDs). If an attacker supplies an invalid FD that matches an active FD in the system, it could lead to unauthorized memory access. The patch ensures proper management of DMA handle references, mitigating the risk of misuse and preventing the use-after-free scenario from arising in the driver.
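The reference-handling pattern described above can be sketched in a small user-space C model, added here as an illustration and not taken from Qualcomm's driver or its patch; the struct, function names, FD values and the `hardened` flag are all hypothetical. It contrasts a cleanup routine that drops a reference for any FD found in a caller-writable list with one that only releases mappings for which a DMA handle reference was actually recorded.

```c
/* Simplified user-space model; all names are hypothetical, not Qualcomm driver code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct dma_map {
    int fd;           /* FD the mapping was created from */
    int refs;         /* 0 means the mapping has been released */
    int handle_refs;  /* refs taken because this call passed the FD as a DMA handle */
};

static struct dma_map *find_map(struct dma_map *t, size_t n, int fd) {
    for (size_t i = 0; i < n; i++)
        if (t[i].fd == fd && t[i].refs > 0) return &t[i];
    return NULL;
}

/* Cleanup after a call: fdlist comes from a buffer the caller can write to. */
static void put_args(struct dma_map *t, size_t n, const int *fdlist,
                     size_t nfds, bool hardened) {
    for (size_t i = 0; i < nfds; i++) {
        struct dma_map *m = find_map(t, n, fdlist[i]);
        if (!m) continue;
        if (hardened) {
            if (m->handle_refs == 0) continue;  /* no ref was taken: ignore FD */
            m->handle_refs--;
        }
        m->refs--;  /* unhardened path drops a ref for any FD that matches */
    }
}

/* Returns the remaining refs on an in-use mapping (fd 7) after cleanup. */
int refs_on_active_map_after_cleanup(bool hardened) {
    struct dma_map table[] = {
        { .fd = 7, .refs = 1, .handle_refs = 0 },  /* in use, not part of this call */
        { .fd = 9, .refs = 2, .handle_refs = 1 },  /* passed as a DMA handle */
    };
    const int fdlist[] = { 9, 7 };  /* constructed: 7 is the unexpected entry */
    put_args(table, 2, fdlist, 2, hardened);
    return table[0].refs;
}

int main(void) {
    printf("unhardened: refs=%d (released while still in use)\n",
           refs_on_active_map_after_cleanup(false));
    printf("hardened:   refs=%d\n", refs_on_active_map_after_cleanup(true));
    return 0;
}
```

In the unhardened run the in-use mapping ends with zero references, which in a real driver is the point where its memory would be freed while another holder still points at it.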
The second vulnerability, CVE-2024-43093, is an elevation of privilege (EoP) vulnerability within Android’s Documents UI component. This flaw allows unauthorized local privilege escalation, enabling an attacker to gain control of certain system functionalities without needing additional privileges.
Impact on Android
These vulnerabilities underscore the growing sophistication of attacks against Android’s low-level system components, which have a high impact due to their role in device operation and data processing.
Qualcomm, a major supplier of chipsets and components for Android devices, is at the epicenter this time, given that many Android devices rely on Qualcomm’s DSP architecture and FASTRPC driver, which are vital for processing multimedia and AI-driven tasks. Successful exploitation of CVE-2024-43047 could give attackers significant control over device functions tied to these components.
Google’s Android Security Team issued the fixes for both CVEs, providing updates to the Android Open Source Project (AOSP) and working with device manufacturers to ensure prompt distribution. Devices running Android versions from Android 12 to the latest Android 15 are eligible for these security updates, though Google sometimes pushes critical fixes to older versions via Google Play system updates.
Apart from applying the latest update once it becomes available on your device, Android users are advised to enable Google Play Protect, a feature that continuously scans for potentially harmful applications (PHAs), providing an additional layer of defense. It is also recommended to only download apps from the official Google Play Store, as sideloaded apps do not undergo Google’s rigorous security checks, and are often carriers of malicious code.