Google Releases Android Security Patch For High-Severity Flaw

Google has identified and patched a critical zero-day vulnerability in its Android operating system that is being exploited actively in the wild.

The high-severity vulnerability tracked as CVE-2024-32896 (CVSS score: 7.8) is classified as a high-severity elevation of privilege (EoP) flaw in Pixel firmware.

An elevation of privilege vulnerability occurs when a user or app with lower privileges gains access to functions or content usually reserved for users or apps with higher privileges. If exploited, an attacker can perform actions such as stealing data or installing malware.

CVE-2024-32896 is related to a logic error in the Android framework component, which could lead to local escalation of privilege with no additional execution privileges needed, reads theย descriptionย of the bug in the NIST National Vulnerability Database (NVD).

However, user interaction is needed to exploit this vulnerability.

This vulnerability was first reported in theย June Pixel security updateย when a patch was released only for the Google-owned Pixel line-up. However, the impact of the CVE-2024-32896 flaw is not limited to Pixel devices and includes the entire Android ecosystem.

“There are indications that CVE-2024-32896 may be under limited, targeted exploitation,” Google wroteย in its September 2024 Android Security Bulletin.

As usual, Google has not provided any technical information on how the vulnerability is being exploited in the wild.

To protect against potential exploits, it is strongly recommended that all Android users install security updates immediately on their devices.

To install the latest security updates,ย go toย Settings > System > Software updates > System update.

Alternatively, you can go to Settings > Security & privacy > System & updates > Security updateย and click on the ‘Check for update’ button.

Besides the CVE-2024-32896 vulnerability, Google has also patched another nine high-severity flaws affecting the Android framework and system in the September 2024 security update.

Subscribe to our newsletter

To be updated with all the latest news

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post