Severity
High
Analysis Summary
CVE-2024-0042 CVSS:6.2
Google Android could allow a local attacker to bypass security restrictions, caused by improperly used crypto. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass DRM content protection.
CVE-2024-0022 CVSS:6.2
Google Android could allow a local attacker to obtain sensitive information, caused by improper input validation in multiple functions of CompanionDeviceManagerService.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-0027 CVSS:6.2
Google Android is vulnerable to a denial of service, caused by resource exhaustion in multiple functions of SnoozeHelper.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-0026 CVSS:6.2
Google Android is vulnerable to a denial of service, caused by resource exhaustion in multiple functions of SnoozeHelper.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-0025 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in sendIntentSender of ActivityManagerService.java. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-0043 CVSS:7.8
Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in multiple locations. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-0024 CVSS:7.8
Google Android could allow a local attacker to gain elevated privileges on the system, caused by improper input validation in multiple methods of UserManagerService.java. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Security Bypass
- Information Disclosure
- Denial of Service
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-0042
- CVE-2024-0022
- CVE-2024-0027
- CVE-2024-0026
- CVE-2024-0025
- CVE-2024-0043
- CVE-2024-0024
Affected Vendors
Affected Products
- Google Android 12
- Google Android 12L
- Google Android 13
- Google Android 14
- Google Android SoC
Remediation
Upgrade to the latest version of Android, available from the Google website.