Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Nov 05, 2024Ravie LakshmananMobile Security / Vulnerability

Google has issued a warning about a security vulnerability in its Android operating system that is currently being actively exploited in the wild.

The vulnerability, known as CVE-2024-43093, is a privilege escalation flaw in the Android Framework component that could lead to unauthorized access to directories such as \”Android/data,\” \”Android/obb,\” and \”Android/sandbox\” and their sub-directories, as mentioned in a code commit message.

Although there is no specific information on how the vulnerability is being exploited in real-world attacks, Google has acknowledged in its monthly bulletin that there are signs of limited, targeted exploitation.

Another security bug, CVE-2024-43047, affecting Qualcomm chipsets, has also been actively exploited. This bug, a use-after-free vulnerability in the Digital Signal Processor (DSP) Service, could lead to memory corruption upon successful exploitation.

Last month, Google credited researchers from Google Project Zero and Amnesty International Security Lab for reporting and confirming the in-the-wild activity of the Qualcomm chipset vulnerability.

The advisory does not provide details on the exploit activity targeting the vulnerability or its timeline of exploitation. However, it is speculated that the vulnerability may have been used in highly targeted spyware attacks against civil society members.

It is unclear whether both security vulnerabilities were combined to create an exploit chain for privilege escalation and code execution.

CVE-2024-43093 is the second actively exploited Android Framework flaw following CVE-2024-32896, which was patched by Google in June and September 2024. Initially fixed for Pixel devices, Google later confirmed that the flaw also affects the wider Android ecosystem.