Google has announced that it has discovered a critical security vulnerability in the Android operating system and has immediately started working on addressing it. The vulnerability, identified as CVE-2024-36971, allows cyber attackers to gain remote access to devices.
Google Working on Fixing the Android Vulnerability
In the August 2024 Android security bulletin, Google revealed that it had detected signs of the CVE-2024-36971 vulnerability being used in limited and targeted attacks. However, as usual, Google refrained from providing specific details about the attacks or identifying the hacker groups or individuals involved.
The vulnerability, discovered by Clement Lecigne from Google’s Threat Analysis Group (TAG), indicates that it may have been exploited by malicious groups involved in creating espionage software.
The August patch released by Google addresses this vulnerability along with a total of 47 other vulnerabilities. The patches also resolved a significant DoS (Denial of Service) vulnerability affecting hardware manufacturers such as Arm, Imagination Technologies, MediaTek, and Qualcomm.
In June 2024, Google had previously disclosed that a privilege escalation vulnerability (CVE-2024-32896) found in Pixel firmware was being used in limited attacks. Google had stated that this issue was not limited to Pixel devices but also affected the broader Android platform and had worked with other manufacturers to resolve it. This security flaw was also promptly fixed.
To protect yourself from this security vulnerability, it is advisable to regularly perform security updates on your device.