As part of its November security updates, Google patched two Android zero-day vulnerabilities, CVE-2024-43047 and CVE-2024-43093, both actively exploited in limited, targeted attacks. These high-severity flaws involve privilege escalation issues in Qualcomm components and the Android Framework, respectively.
CVE-2024-43047, disclosed by Qualcomm, affects its DSP service, while the source of CVE-2024-43093 remains undisclosed. Security experts suggest that the former may have been exploited in spyware operations.
In total, Google fixed 51 vulnerabilities, including the critical CVE-2024-38408 impacting Qualcomm components. The patches apply to Android versions 12 through 15, with some fixes specific to certain releases.
Two patch levels, November 1 and November 5, address core and vendor-specific vulnerabilities. Google recommends updating via the device's system settings to maintain security.
Older Android versions, including 11 and below, are no longer officially supported, though they may receive critical fixes via Google Play updates. Users on outdated versions are advised to upgrade or switch to third-party Android distributions for enhanced security.
Read more...
Logging you in...
Loading IntenseDebate Comments...