Google confirms CVE-2024-32896 zero-day threat
Google has released the latest Android security bulletin, taking devices to a security patch level of 2024-09-05. This month, it comes with an urgent warning: CVE-2024-32896 may be under limited, targeted exploitation.
The CVE-2024-32896 Zero-Day Vulnerability Explained
Although a number of security issues are addressed by the September update, there is one that demands your attention more than most. Common vulnerabilities and exposures number 32896 for this year, known as CVE-2024-32896, is the most severe, according to Google. This high-severity security vulnerability impacts the Android framework component which, as the name suggests, is rather important. The Android framework is, in effect, a set of different software components that sit at the heart of Android upon which applications are built.
Google warns that exploitation of the vulnerability could “lead to local escalation of privilege with no additional execution privileges needed,” which really is as bad as it sounds. But it gets worse. This vulnerability is the security problem that just keeps coming, having first been reported in the June Pixel security update when a patch for users of that device was made available. Indeed, it was even deemed a serious enough threat that it was added to the Known Exploited Vulnerabilities Catalog maintained by America’s cyber defense experts, the Cybersecurity and Infrastructure Security Agency. Now all Android users are being urged to update as soon as possible as the vulnerability continues to be exploited by attackers, albeit with highly-targeted victims as yet unnamed.
CVE-2024-32896 attack warning issued
What You Need To Do Today
As Google has confirmed that its assessment of CVE-2024-32896 is based upon the impact an exploit, which has already been identified in the wild, could have on affected devices if platform and service m mitigations are successfully bypassed, all users are advised to do the following as a matter of urgency.
Check that you have the latest security updates installed. To do this, open your device settings app and navigate to the bottom, where the latest Android version, security update and build number can be found. You can also select system and software update from the settings app to initiate any available security updates.
This advice is given even more gravitas considering that CVE-2024-32896 isn’t the only high-severity vulnerability addressed by the September security update, it’s just one of ten affecting the Android framework and system.
The 10 high-severity Android vulnerabilities patched by Google