Google fixes two Android zero-days used in targeted attacks
Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities.
Tracked as CVE-2024-43047 and CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks.
“There are indications that the following may be under limited, targeted exploitation,” says Google’s advisory.
The CVE-2024-43047 flaw is a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges.
The flaw was first disclosed in early October 2024 by Qualcomm as a problem in its Digital Signal Processor (DSP) service.
CVE-2024-43093 is also a high-severity elevation of privilege flaw, this time impacting the Android Framework component and Google Play system updates, specifically in the Documents UI.
Google did not disclose who discovered the CVE-2024-43093 vulnerability.
While Google did not share any details on how the vulnerabilities were exploited, researchers at Amnesty International discovered CVE-2024-43047, which could indicate that the flaw was used in targeted spyware attacks.
Out of the remaining 49 flaws fixed this time, only one, CVE-2024-38408, is classified as critical, also impacting Qualcomm’s proprietary components.
The security issues fixed this month impact Android versions between 12 and 15, with some being limited to specific versions of the mobile operating system.
Google issues two patch levels every month, in this case, November 1 (2024-11-01 Patch Level) and November 5 (2024-11-05 Patch Level).
The first level addresses core Android vulnerabilities, with 17 issues this time, while the second patch level encompasses those plus vendor-specific fixes (Qualcomm, MediaTek, etc.), counting an additional 34 fixes this month.
To apply the latest update, head to Settings > System > Software updates > System update. Alternatively, go to Settings > Security & privacy > System & updates > Security update. A restart will be required to apply the update.
Android 11 and older are no longer supported but may receive security updates for critical issues and actively exploited flaws through Google Play system updates, although that is not guaranteed.
The best course of action for devices still running those older releases is either to replace them with newer models or to use a third-party Android distribution that incorporates the latest security fixes.
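The two patch levels and the Android 12 support cutoff described above can be checked against a device's build properties. The following is an added example, not part of the original article: it parses the output of `adb shell getprop` and classifies a device. The function names and the sample output are constructed for illustration; `ro.build.version.release` and `ro.build.version.security_patch` are standard Android build properties.

```python
import re
from datetime import date

# Thresholds taken from the article; property names are standard Android build properties.
CORE_LEVEL = date(2024, 11, 1)    # 2024-11-01: core Android fixes
VENDOR_LEVEL = date(2024, 11, 5)  # 2024-11-05: core plus vendor fixes (Qualcomm, MediaTek, ...)
OLDEST_SUPPORTED = 12             # Android 11 and older are no longer supported

PROP_RE = re.compile(r"^\[([^\]]+)\]:\s*\[([^\]]*)\]$")

def parse_getprop(text):
    """Parse `getprop` output lines of the form `[key]: [value]` into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def classify(props):
    """Classify one device from its release and security patch level properties."""
    release = re.match(r"\d+", props.get("ro.build.version.release", ""))
    if release and int(release.group()) < OLDEST_SUPPORTED:
        return "unsupported release"
    try:
        patch = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        # Missing or malformed value: treat as unverified rather than as patched.
        return "unknown patch level"
    if patch < CORE_LEVEL:
        return "missing 2024-11-01 and 2024-11-05 fixes"
    if patch < VENDOR_LEVEL:
        return "missing 2024-11-05 vendor fixes"
    return "at or above 2024-11-05"

# Constructed sample, not captured from a real device.
SAMPLE = """\
[ro.build.version.release]: [14]
[ro.build.version.security_patch]: [2024-11-01]
[ro.product.model]: [example-phone]
"""

if __name__ == "__main__":
    print(classify(parse_getprop(SAMPLE)))  # missing 2024-11-05 vendor fixes
```

A device reporting 2024-11-01 has the core fixes but not the vendor-specific ones, so fleet checks should compare against 2024-11-05.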