
Google has released fixes for two security bugs in Android devices that were found to have been actively exploited, which means that hackers used these vulnerabilities to gain access to Android systems.
The security flaws “may be under limited, targeted exploitation,” Google said in a security bulletin published on the Android blog on Monday, April 7.
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed,” the security bulletin read.
Google further said that source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. Android partners are generally notified of all such issues at least a month before a security bulletin is released, it added.
One of the two zero-day security flaws, tracked as CVE-2024-53150, was first identified by the global non-profit Amnesty International in collaboration with Google’s Threat Analysis Group (TAG).
The second zero-day security flaw, tracked as CVE-2024-53197, was also flagged by Google’s security team, which primarily monitors state-backed cyberattacks. This vulnerability was reportedly found in the kernel, the core of the Android operating system.
In February this year, Amnesty International released a report which found that Israeli forensic software vendor Cellebrite had allegedly exploited three zero-day vulnerabilities to hack into Android phones. It is worth noting that Cellebrite’s customers include law enforcement authorities looking to use the company’s tools to unlock and forensically analyse devices confiscated in connection with their investigations.