
Google Patches Actively Exploited Android Flaws

Google has released patches for two Android vulnerabilities that are under active, targeted attacks. One of the flaws is in the main Android code base, while the other is in Qualcomm’s portion of Android. 

CVEs: CVE-2024-43047 and CVE-2024-43093

Why It Matters: Android is by far the most popular mobile platform and attackers often focus on known Android flaws because of the huge user base and the fact that many users don’t update their devices on a regular basis. In fact, in many parts of the world, users are often several versions behind on updates, so known vulnerabilities under active attack are always dangerous. 

Key Details

  • CVE-2024-43093 is an elevation-of-privilege bug in the main Android framework and is rated high risk

  • CVE-2024-43047 is a use-after-free vulnerability in the Qualcomm components of Android and affects the kernel itself

  • Google said that these vulnerabilities are under limited, targeted exploitation 

“Currently, the DSP updates header buffers with unused DMA handle fds. In the put_args section, if any DMA handle FDs are present in the header buffer, the corresponding map is freed. However, since the header buffer is exposed to users in unsigned PD, users can update invalid FDs. If this invalid FD matches with any FD that is already in use, it could lead to a use-after-free (UAF) vulnerability,” Qualcomm said in its description of CVE-2024-43047.
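A simplified model of the flaw Qualcomm describes, added here as an illustration and not taken from the Qualcomm driver or its patch. The `struct map` table, the `put_args` signature and the `dma_handle` flag are assumptions; the code contrasts freeing whatever fd appears in the user-writable header with freeing only mappings the driver itself recorded as DMA handles.

```c
#include <stdbool.h>
#include <stddef.h>

#define MAX_MAPS 8

/* Simplified stand-in for a driver mapping; not the real Qualcomm structure. */
struct map {
    int  fd;          /* fd the mapping was created from */
    bool live;        /* false once the mapping has been freed */
    bool dma_handle;  /* driver-side record (assumed): created as a DMA handle */
};

static struct map maps[MAX_MAPS];

static void reset_maps(void) {
    for (size_t i = 0; i < MAX_MAPS; i++) maps[i] = (struct map){0};
}

static struct map *add_map(int fd, bool dma_handle) {
    for (size_t i = 0; i < MAX_MAPS; i++)
        if (!maps[i].live) {
            maps[i] = (struct map){ .fd = fd, .live = true, .dma_handle = dma_handle };
            return &maps[i];
        }
    return NULL;
}

/* Frees the map for each fd listed in the user-writable header buffer.
 * verify=false trusts the header (the flawed pattern in the description);
 * verify=true frees only maps the driver itself recorded as DMA handles. */
static int put_args(const int *hdr_fds, size_t n, bool verify) {
    int freed = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < MAX_MAPS; j++)
            if (maps[j].live && maps[j].fd == hdr_fds[i] &&
                (!verify || maps[j].dma_handle)) {
                maps[j].live = false;   /* models freeing the mapping */
                freed++;
            }
    return freed;
}

int main(void) {
    const int hdr[] = { 9, 7 };          /* constructed: fd 7 is not a DMA handle */
    reset_maps();
    struct map *buf = add_map(7, false); /* ordinary buffer, still in use */
    add_map(9, true);                    /* genuine DMA handle for this call */
    put_args(hdr, 2, true);
    return buf->live ? 0 : 1;            /* 0: the in-use map survived */
}
```

With `verify` set to false, the same header frees the in-use mapping for fd 7 while its owner still holds a pointer to it, which is the dangling reference behind the use-after-free.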

Qualcomm released a patch for CVE-2024-43047 in October after researchers from Google’s Project Zero, Threat Analysis Group (TAG), and Amnesty International discovered the flaw and disclosed it to Qualcomm. TAG specifically monitors attacks and activity by high-level attack teams such as state-backed actors and other APTs, so when they discover in-the-wild exploitation, it should be treated as a high priority.

Android users should update to the latest version as soon as possible.