Google Moves Fast to Block Android Hacker Attacks
On Monday, Google announced an update for Android earlier to patching two zero-days, which “might be under limited targeted exploitation,” as stated by the company. Hence, it shows that Google indeed knows how hackers have exploited and might be exploiting these bugs in real-life situations to compromise Android devices.
With regard to one of the two now-fixed zero-days tracked as CVE-2024-53197, Amnesty International identified the problem in partnership with Benoît Sevens from Google¿s Threat Analysis Group, the technology giant’s security team that tracks government-backed cyber-attacks.
In February, Amnesty reported that “found” Cellebrite took advantage of a triple chain of three zero-day vulnerabilities for hacking Android phones. The company caters to law enforcement by providing devices that unlock and forensically analyze phones.
So far, the investigations have not indicated much. One such patch issued on the above Monday is being used against a student activist in Serbia by local authorities using Cellebrite.
However, prorogation does NOT have much information on the second vulnerability, CVE-2024-53150, fixed on Monday. Other than that the finding was also credited to Google’s Sevens and that the flaw was found in the kernel, the core of an operating system, nothing much can be said.
Google did not respond immediately to a request for comment.
Hajira Maryam, spokesperson for Amnesty, said that the non-profit was not sharing anything at this point.
Join the WhatsAPP community
According to its advisory, the tech giant said that “the most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed” and that “user interaction is not needed for exploitation.”
Google said it would push source code patches for the two fixed zero-days within 48 hours of the advisory while also noting that Android partners are “notified of all issues at least a month before publication.”
So, given the open source nature of Android, each and every phone manufacturer has to push their own patches to their own users.
Join Our Social Media Channels:
WhatsApp: NaijaEyes
Facebook: NaijaEyes
Twitter: NaijaEyes
Instagram: NaijaEyes
TikTok: NaijaEyes
