Rewterz

Multiple Google Android Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-0042 CVSS:6.2

Google Android could allow a local attacker to bypass security restrictions, caused by improperly used crypto. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass DRM content protection.

CVE-2024-0022 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by improper input validation in multiple functions of CompanionDeviceManagerService.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-0027 CVSS:6.2

Google Android is vulnerable to a denial of service, caused by resource exhaustion in multiple functions of SnoozeHelper.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-0026 CVSS:6.2

Google Android is vulnerable to a denial of service, caused by resource exhaustion in multiple functions of SnoozeHelper.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-0025 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in sendIntentSender of ActivityManagerService.java. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-0043 CVSS:7.8

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in multiple locations. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-0024 CVSS:7.8

Google Android could allow a local attacker to gain elevated privileges on the system, caused by improper input validation in multiple methods of UserManagerService.java. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

Impact

  • Security Bypass
  • Information Disclosure
  • Denial of Service
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2024-0042
  • CVE-2024-0022
  • CVE-2024-0027
  • CVE-2024-0026
  • CVE-2024-0025
  • CVE-2024-0043
  • CVE-2024-0024

Affected Vendors

Google Android

Affected Products

  • Google Android 12
  • Google Android 12L
  • Google Android 13
  • Google Android 14
  • Google Android SoC

Remediation

Upgrade to the latest version of Android, available from the Google Website.
