Request a Demo
Rewterz
New Mallox Ransomware Version Targets Linux Systems – Active IOCs
July 10, 2024
Rewterz
UAE Cybersecurity Authority Issues Alert Regarding Threats Targeting Android Users
July 10, 2024

Multiple Google Android Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-31320 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the setSkipPrompt of AssociationRequest.java. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-34723 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in onTransact of ParcelableListBinder.java. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-34722 CVSS:8.4

Google Android could allow a remote attacker to gain elevated privileges on the system, caused by incorrect implementation of a protocol in the code in smp_proc_rand of smp_act.cc. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-34720 CVVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-31331 CVSS:7.8

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in setMimeGroup of PackageManagerService.java. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-31332 CVSS:8.4

Google Android could allow a local attacker to gain elevated privileges on the system, caused by a missing permission check in multiple locations. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-34721 CVSS:6.2

Google Android could allow a local attacker to obtain sensitive information, caused by improper input validation in ensureFileColumns of MediaProvider.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.

Impact

  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-31320
  • CVE-2024-34723
  • CVE-2024-34722
  • CVE-2024-34720
  • CVE-2024-31331
  • CVE-2024-31332
  • CVE-2024-34721

Affected Vendors

Google

Affected Products

  • Google Android 14

Remediation

Upgrade to the latest version of Android, available from the Google Website.

Google Website