A concerning security weakness in Android’s operating system is currently being exploited by attackers, according to Google’s latest security update. The flaw, identified as CVE-2024-43093, enables unauthorized users to gain access to critical Android directories including data, obb, and sandbox folders.
Security Risks Extend to Qualcomm Devices
The problem doesn’t stop there. I found that Google also highlighted another actively exploited vulnerability (CVE-2024-43047) affecting Qualcomm chipsets. This security gap in the Digital Signal Processor Service could lead to memory problems if successfully attacked. Security researchers from Google Project Zero and Amnesty International Security Lab collaborated to identify and confirm this issue.
Technical Impact and Updates
My investigation reveals that Google has already fixed these vulnerabilities through recent security patches. The Android Framework vulnerability (CVE-2024-43093) follows a similar flaw (CVE-2024-32896) that was discovered and patched earlier in 2024. Initially, the fix was limited to Pixel devices, but Google later confirmed it affected many Android devices.
While the exact details of how attackers are using these vulnerabilities remain unclear, the security community suspects these flaws might be part of targeted attacks against specific individuals. Security experts haven’t confirmed if attackers are combining both vulnerabilities to gain deeper access to affected devices, but the possibility exists. Google continues to monitor the situation and implement protective measures for Android users.
Users running Android devices should immediately check for and install any available security updates to protect their devices from these active threats.
Source: The Hacker News
Read this also: FakeCall Malware Targets Android Users’ Bank Calls with Dangerous New Tricks
