June 30, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
New Mallox Ransomware Version Targets Linux Systems – Active IOCs
July 10, 2024UAE Cybersecurity Authority Issues Alert Regarding Threats Targeting Android Users
July 10, 2024New Mallox Ransomware Version Targets Linux Systems – Active IOCs
July 10, 2024UAE Cybersecurity Authority Issues Alert Regarding Threats Targeting Android Users
July 10, 2024
Severity
High
Analysis Summary
CVE-2024-31320 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the setSkipPrompt of AssociationRequest.java. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-34723 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in onTransact of ParcelableListBinder.java. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-34722 CVSS:8.4
Google Android could allow a remote attacker to gain elevated privileges on the system, caused by incorrect implementation of a protocol in the code in smp_proc_rand of smp_act.cc. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-34720 CVVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-31331 CVSS:7.8
Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the code in setMimeGroup of PackageManagerService.java. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-31332 CVSS:8.4
Google Android could allow a local attacker to gain elevated privileges on the system, caused by a missing permission check in multiple locations. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-34721 CVSS:6.2
Google Android could allow a local attacker to obtain sensitive information, caused by improper input validation in ensureFileColumns of MediaProvider.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-31320
- CVE-2024-34723
- CVE-2024-34722
- CVE-2024-34720
- CVE-2024-31331
- CVE-2024-31332
- CVE-2024-34721
Affected Vendors
Google
Affected Products
- Google Android 14
Remediation
Upgrade to the latest version of Android, available from the Google Website.