Google has swiftly patched two Android zero-day vulnerabilities that were already being actively exploited, alongside a total of 51 other security vulnerabilities, in its latest November update.
The two vulnerabilities, designated as CVE-2024-43047 and CVE-2024-43093, have been identified as actively exploited in limited, targeted attacks.
“It appears that the next project may even fall short of modest expectations.”
CVE-2024-43047 is a high-severity use-after-free vulnerability in Qualcomm’s proprietary components within the Android kernel that allows privilege escalation.
Qualcomm identified the flaw in early October 2024 as a problem with its Digital Signal Processor (DSP) service.
CVE-2024-43093 is a high-severity elevation-of-privilege flaw affecting the Android Framework component and Google Play system updates, specifically in the Documents UI.
Google has not disclosed who discovered CVE-2024-43093.
Researchers at Amnesty International discovered CVE-2024-43047, a vulnerability exploited in targeted malware attacks, although Google did not provide details on how the flaws were exploited.
Among the remaining 49 vulnerabilities patched this time, only one, CVE-2024-38408, is classified as critical; it also affects Qualcomm’s proprietary components.
Android updates this month address vulnerabilities affecting versions 12 to 15, with certain patches restricted to specific versions of the mobile operating system.
Each month, Google publishes two patch levels: this month, the first is November 1 (the 2024-11-01 patch level) and the second is November 5 (the 2024-11-05 patch level).
The latest security patches for Android address core vulnerabilities, with a total of 51 fixes: 17 primary fixes and 34 additional fixes for vendor-specific issues, including those affecting Qualcomm and MediaTek.
To apply the latest update, navigate to. Alternatively, go to . In some cases, a system restart may be necessary to apply the update.
Android 11 and earlier versions are no longer supported, but may still receive security updates addressing critical vulnerabilities when actively exploited, though this is not guaranteed.
To ensure optimal security and performance, devices running outdated versions should either be upgraded to newer releases or moved to a third-party Android distribution that incorporates the latest security patches.