Google recently addressed a significant security flaw in the Android kernel, identified as CVE-2024-36971, which has been actively exploited in real-world scenarios. This vulnerability, classified as a high-severity issue, allows for remote code execution within the kernel. While Google has acknowledged the exploitation of this vulnerability, the company has refrained from disclosing specific details about the attacks. The discovery of this flaw was credited to Clement Lecigne of Google's Threat Analysis Group (TAG), a team dedicated to investigating sophisticated cyber threats, including those from nation-state actors and commercial spyware vendors.
In addition to this kernel vulnerability, Google's August 2024 Android Security Bulletin addressed 47 other vulnerabilities across various components, including the Framework, System, and components from chipset manufacturers such as Qualcomm and MediaTek. These vulnerabilities ranged from Elevation of Privilege to Denial of Service (DoS), Remote Code Execution, and Information Disclosure. Among these, a particularly severe issue was identified in the Framework component, which could allow local privilege escalation without requiring additional execution privileges. The security bulletin also referenced a previously addressed zero-day vulnerability, CVE-2024-32896, in the Pixel Firmware, which had been actively exploited in the wild.