In the latest security update released by Google in November, the tech giant has addressed two critical Android zero-day vulnerabilities that were actively being exploited in targeted attacks. These vulnerabilities were flagged as CVE-2024-43047 and CVE-2024-43093, with Google noting that they were under limited, targeted exploitation. While specific details of the exploitation were not shared by Google, researchers from Amnesty International identified CVE-2024-43047 as potentially being used in spyware attacks against specific targets.

In addition to the zero-day flaws, Google also patched 49 additional vulnerabilities in the November security update. Among these fixes was CVE-2024-38408, a critical vulnerability affecting Qualcomm components. These vulnerabilities were found to impact Android versions 12 through 15, with some flaws being exclusive to certain versions.

Google typically issues monthly updates with two patch levels: one focusing on core Android vulnerabilities and another that includes both core and vendor-specific fixes. The November 1 patch addressed 17 Android security issues, while the November 5 patch introduced 34 additional fixes, covering vulnerabilities in components from manufacturers such as Qualcomm and MediaTek.

To ensure protection against potential threats, Cyble, a threat intelligence firm, recommends users to install the latest Android security update by navigating to Settings > System > Software updates > System update, or Settings > Security & privacy > System & updates > Security update. It is important to note that a restart is required to apply the updates.

While Google has discontinued support for Android 11 and older versions, devices on these systems may still receive security updates for critical, actively exploited vulnerabilities through Google Play system updates, although this is not guaranteed. Users with unsupported Android devices are advised to consider upgrading to newer models or installing third-party Android distributions that include the latest security patches.

This emphasis on updating devices highlights the significance of staying current with security patches to mitigate potential security threats, especially for users of high-risk devices and those relying on Android versions that are vulnerable to emerging exploits.

Overall, the November security update from Google serves as a timely reminder for users to prioritize their device’s security by promptly installing the latest updates and taking proactive measures to safeguard their data and privacy in today’s ever-evolving threat landscape.

Source link