

Severity
High
Analysis Summary
Google has issued a warning about the active exploitation of a vulnerability affecting its Android operating system in the wild.
According to a code commit notice, the vulnerability, identified as CVE-2024-43093, is a privilege escalation bug in the Android Framework component that might allow unauthorized access to the "Android/data," "Android/obb," and "Android/sandbox" files and their subdirectories. Although Google admitted in its monthly bulletin that there are signs the vulnerability may be subject to limited, targeted exploitation, there is currently no information regarding how the issue is being exploited in actual attacks.
Additionally, Google has flagged CVE-2024-43047, an already-patched security flaw in Qualcomm chipsets, as actively exploited. The flaw is a use-after-free in the Digital Signal Processor (DSP) Service; successful exploitation may result in memory corruption. Two Google Project Zero researchers reported the vulnerability and verified the in-the-wild activity.
Although the vulnerability was probably used as part of highly targeted spyware operations directed at members of civil society, the advisory provides no information on the exploit activity targeting the flaw or when it might have begun. It is also unknown at this time whether the two security flaws were combined into an exploit chain to escalate privileges and execute code.
CVE-2024-43093 is the second actively exploited Android Framework vulnerability, after CVE-2024-32896, which Google fixed in June and September 2024. That earlier bug was initially patched only for Pixel smartphones before the company acknowledged that it affected the entire Android ecosystem.
Impact
- Privilege Escalation
- Unauthorized Access
- Cyber Espionage
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-43093
- CVE-2024-43047
Affected Vendors
Remediation
- Upgrade to the latest version of Android, available from the Google website.
- Organizations must test their assets for the vulnerabilities mentioned above and apply the available security patch or mitigation steps as soon as possible.
- Implement multi-factor authentication to add an extra layer of security to login processes.
- Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
- Organizations must stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.
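A patch-level check supporting the testing and patch-management steps above, added here as an example and not part of the original advisory. It assumes the device exposes the standard ro.build.version.security_patch property over adb, and REQUIRED_LEVEL is an assumed value that must be confirmed against the Android Security Bulletin entries for CVE-2024-43093 and CVE-2024-43047.

```shell
#!/bin/sh
# Added example: decide whether an Android device's security patch level
# already includes the fixes for the two CVEs in this advisory.
# REQUIRED_LEVEL is an ASSUMPTION: confirm the exact patch level that lists
# CVE-2024-43093 and CVE-2024-43047 in the Android Security Bulletin.
REQUIRED_LEVEL="2024-11-05"

# Return 0 if $1 is a well-formed YYYY-MM-DD patch level, 1 otherwise.
valid_patch_level() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# patch_level_covers DEVICE_LEVEL [REQUIRED_LEVEL]
# Prints "patched", "vulnerable" or "unknown" and returns 0, 1 or 2.
# A validated YYYY-MM-DD level with the dashes removed is an integer
# that orders chronologically, so a plain numeric comparison suffices.
patch_level_covers() {
  device="$1"
  required="${2:-$REQUIRED_LEVEL}"
  if ! valid_patch_level "$device"; then
    echo "unknown"
    return 2
  fi
  dev_num=$(printf '%s' "$device" | tr -d '-')
  req_num=$(printf '%s' "$required" | tr -d '-')
  if [ "$dev_num" -ge "$req_num" ]; then
    echo "patched"
    return 0
  fi
  echo "vulnerable"
  return 1
}

# Read the patch level from a connected device via adb (adb must be on PATH).
# A missing device yields an empty string, which reports as "unknown".
check_connected_device() {
  level=$(adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n')
  patch_level_covers "$level"
}
```

Run check_connected_device against each enrolled device and treat "unknown" as a finding to investigate, not as a pass.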