Google Patches 46 Android Vulnerabilities, Including Actively Exploited RCE

Google released the August 2024 security update for the Android operating system, addressing a total of 46 security vulnerabilities, including a remote code execution (RCE) vulnerability that has already been exploited by hackers.

This vulnerability, identified as CVE-2024-36971, is a use-after-free flaw in the network routing management of the Linux Kernel. Successfully exploiting this vulnerability can grant system privileges and allow changes to certain network connections.

The vulnerability was first discovered by Clément Lecigne, a security researcher with Google’s Threat Analysis Group (TAG), and was reported on May 28. Essentially, this flaw is a race condition issue within the Linux Kernel. Alarmingly, Google has indicated that there are signs of this vulnerability being exploited in a limited, targeted manner, allowing hackers to execute arbitrary code on unpatched devices without user interaction.

For security reasons, Google has not yet disclosed further details about the vulnerability (although there is considerable information available in the Linux Kernel documentation). The security patch will be released to the Android Open Source Project (AOSP) repository within the next 48 hours.

Other OEMs must quickly acquire the latest AOSP patches, adapt, and test them, while users must wait for their OEMs to release the adapted security updates to mitigate these vulnerabilities.

The TAG group often finds such vulnerabilities in connection with state-sponsored hacking, suggesting that nation-state or nationalist groups may be exploiting this flaw to target specific users.

These attacks are usually conducted stealthily, focusing on specific targets to avoid detection and subsequent patching of the vulnerability. Vulnerabilities that allow remote code execution without user interaction are highly valuable, and their remediation can represent a significant loss for the hackers exploiting them.