Google has identified two significant security flaws in Android that are currently being exploited by hackers. These vulnerabilities, CVE-2024-43093 and CVE-2024-43047, could give attackers unauthorized access to certain system files and even control parts of affected devices.
CVE-2024-43093: This vulnerability impacts the Android Framework, potentially allowing attackers to access restricted directories, such as “Android/data” and “Android/sandbox.” Google has observed targeted exploitation of this flaw, which could mean it’s being used in spyware attacks against specific individuals or groups.
CVE-2024-43047: This flaw involves Qualcomm’s Digital Signal Processor (DSP) in Android devices, where a memory error can be exploited by attackers. Discovered in October 2024, researchers believe it may also be part of targeted spyware attacks, especially against civil society groups.
As part of its November 2024 Android Security Patch Update, Google addressed a total of 51 security issues, including these two high-risk vulnerabilities. Although Google hasn’t shared full details on how these flaws are being exploited, they seem to be used in targeted attacks rather than widespread campaigns.
How to Protect Your Device
To secure your device, Google recommends updating your Android OS:
- Go to Settings > System > Software updates > System update
- Or Settings > Security & privacy > System & updates > Security update
- After installing, you’ll need to restart your device to activate the updates.
If you use a device from a manufacturer like Samsung, the November 2024 security patch may not be available immediately. Google’s updates typically reach Pixel devices first, while other brands take additional time to customize and release patches for their specific models. Check with your device manufacturer to see when the November patch will be released.
These updates cover Android versions 12 to 15. Older versions (like Android 11 or earlier) may only receive critical security updates through Google Play, which isn’t guaranteed for all vulnerabilities. For better security, users with unsupported Android versions should consider upgrading to a newer device or using a third-party Android distribution that includes recent patches.
