Google has uncovered a serious flaw in Android that hackers are already exploiting. The company disclosed and patched the previously unknown “zero-day” flaw in this month’s security update for Android.

The vulnerability, tracked as CVE-2024-36971, is particularly dangerous because it affects the mobile operating system’s kernel, the core of the software. “There are indications that CVE-2024-36971 may be under limited, targeted exploitation,” Google warned in the security update. By exploiting the flaw, a hacker can remotely execute code with system privileges, paving the way to trigger an Android device into downloading and installing malware.

Specifically, the flaw lies in a kernel function called __dst_negative_advice(), which wasn’t enforcing a synchronization mechanism called Read-Copy Update (RCU). The resulting bug can lead to a use-after-free vulnerability, where the operating system accesses a memory location even though that memory has already been freed or deallocated. The effect can be memory corruption, crashes, or a way to manipulate the system into running unauthorized code.
Google hasn’t disclosed more details about the zero-day flaw. But the “limited, targeted exploitation” of the vulnerability suggests elite hackers from a government or a commercial spyware vendor have been abusing the bug to attack high-profile victims of interest. These groups also have the resources to fund research into hacking the Android OS, including finding new flaws in the software. Google has credited the vulnerability’s discovery to security researcher Clément Lecigne, who previously uncovered vulnerabilities that surveillance companies have abused to target users. To protect yourself, Google is releasing the patch in the 2024-08-05 August security update, which the company has begun distributing to Android vendors.
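A practical check for an administrator is whether a device has reached the 2024-08-05 patch level named above. The script below is an added example, not code from the article or from Google; it assumes adb is installed and a device is connected, and reads the device's ro.build.version.security_patch property, which reports the patch level the vendor's build declares (so it tells you what the vendor claims to have shipped, not whether the kernel was independently verified).

```shell
#!/bin/sh
# Minimum Android security patch level carrying the CVE-2024-36971 fix,
# as named in the article.
FIXED_LEVEL="2024-08-05"

# patch_level_is_fixed LEVEL
# Returns 0 if LEVEL (YYYY-MM-DD) is at or past FIXED_LEVEL,
# 1 if it is older, 2 if it is not a well-formed patch-level date.
patch_level_is_fixed() {
    level="$1"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # Strip the dashes so the dates compare as plain integers (POSIX sh
    # has no string "<" in test): 2024-08-05 -> 20240805.
    level_num=$(printf '%s' "$level" | tr -d -)
    fixed_num=$(printf '%s' "$FIXED_LEVEL" | tr -d -)
    if [ "$level_num" -lt "$fixed_num" ]; then
        return 1
    fi
    return 0
}

# check_device
# Queries the connected device over adb (assumed to be on PATH) and reports
# whether its declared patch level includes the fix. Exit code as above.
check_device() {
    if ! command -v adb >/dev/null 2>&1; then
        echo "adb not found; cannot query device" >&2
        return 2
    fi
    # adb shell output carries a trailing CR/LF; strip it before comparing.
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r\n')
    rc=0
    patch_level_is_fixed "$level" || rc=$?
    case $rc in
        0) echo "patch level $level: includes the $FIXED_LEVEL fix" ;;
        1) echo "patch level $level: older than $FIXED_LEVEL, update needed" ;;
        *) echo "unexpected patch level value '$level'" >&2 ;;
    esac
    return $rc
}
```

Run `check_device` with a device attached; a non-zero exit code means the device is either behind the fixed level or returned a value the script could not parse.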