Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Zero-Day Vulnerability in Android Devices
Alerts

Active Exploitation of Zero-Day Vulnerability in Android Devices

12 August 2024

Google has released security updates addressing a zero-day vulnerability (CVE-2024-36971) affecting Android devices. The zero-day is a use after free (UAF) weakness in the Linux kernel's network route management. The vulnerability is reportedly being actively exploited.

Successful exploitation of this vulnerability in the Linux kernel's network route management may allow an unauthenticated attacker to perform remote code execution (RCE) on vulnerable Android devices.

The vulnerability affects Android OS versions before the 2024-08-05 security patch level.

Users and administrators of Android products are advised to update to the latest versions immediately when prompted by their phone manufacturer or they can check for related updates under their "Settings" function.

References

https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-targeted-attacks/amp/

https://source.android.com/docs/security/bulletin/2024-08-01