The patch is rolling out through Android's August security update.
Google has uncovered a serious flaw in Android that hackers are already exploiting.
The company disclosed and patched the previously unknown "zero-day" flaw in this month’s security update for Android. The vulnerability, tracked as CVE-2024-36971, is particularly dangerous because it affects the mobile operating system’s kernel, the core component that the rest of the software runs on.
“There are indications that CVE-2024-36971 may be under limited, targeted exploitation,” Google warned in the security update.
By exploiting the flaw, a hacker can remotely execute code with system privileges, paving the way to make an Android device download and install malware. Specifically, the flaw pertains to a kernel function called "__dst_negative_advice()," which wasn’t enforcing a synchronization mechanism called Read-Copy Update, or RCU.
The resulting bug can lead to a use-after-free vulnerability, where the operating system accesses a memory location after that memory has been freed or deallocated. The result can be memory corruption, crashes, or a way to manipulate a system into running unauthorized code.
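To make the RCU point concrete, here is a small user-space model of the race, added for illustration; it is not kernel code and not the actual patch. The names (sk_cache, negative_advice, the freed flag) are hypothetical, and the reader/writer interleaving is forced in a single thread so the outcome is deterministic.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model: one cached route entry ("dst"). "freed" stands in for a real
 * free() so the stale access can be observed without undefined behaviour. */
struct dst { bool freed; int mtu; };

static struct dst entry;
static struct dst *sk_cache;   /* pointer the socket caches, seen by readers */
static int readers;            /* readers inside a read-side critical section */
static struct dst *deferred;   /* entry waiting for the grace period to end */

static void read_lock(void) { readers++; }

static void read_unlock(void) {
    if (--readers == 0 && deferred) {   /* grace period over: now safe to free */
        deferred->freed = true;
        deferred = NULL;
    }
}

/* Writer drops the cached entry. wait_for_readers == false models the bug. */
static void negative_advice(bool wait_for_readers) {
    struct dst *old = sk_cache;
    sk_cache = NULL;
    if (!old)
        return;
    if (wait_for_readers && readers > 0)
        deferred = old;        /* RCU-style: defer the free past all readers */
    else
        old->freed = true;     /* freed while a reader may still hold it */
}

/* Returns true if the reader touched the entry after it was freed. */
static bool reader_hits_freed_entry(bool wait_for_readers) {
    entry = (struct dst){ .freed = false, .mtu = 1500 };
    sk_cache = &entry; readers = 0; deferred = NULL;

    read_lock();
    struct dst *d = sk_cache;            /* reader fetches the pointer */
    negative_advice(wait_for_readers);   /* writer runs "concurrently" */
    bool stale = d->freed;               /* reader dereferences it */
    read_unlock();
    return stale;
}

int main(void) {
    printf("no RCU wait:   stale access = %d\n", reader_hits_freed_entry(false));
    printf("with RCU wait: stale access = %d\n", reader_hits_freed_entry(true));
    return 0;
}
```

In the second run the entry is still released, but only after the last reader has left its critical section.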