Google fixes two Android zero-days used in targeted attacks

November 5, 2024 at 09:34AM

Google’s November security updates fixed two actively exploited Android zero-day vulnerabilities, CVE-2024-43047 and CVE-2024-43093, among 51 flaws. The high-severity issues affect Qualcomm components and Android Framework, potentially linked to spyware attacks. Users are urged to update their devices for improved security, especially those running outdated versions.

### Meeting Takeaways: November Security Updates for Android

1. **Security Vulnerabilities Addressed**:
   - Google fixed **51 vulnerabilities** in total, including two actively exploited Android zero-day flaws: **CVE-2024-43047** and **CVE-2024-43093**.

2. **Details on Zero-Day Flaws**:
   - **CVE-2024-43047**:
     - High-severity use-after-free issue in Qualcomm components within the Android kernel.
     - Allows elevation of privilege; disclosed by Qualcomm in early October 2024.
   - **CVE-2024-43093**:
     - Also a high-severity elevation of privilege flaw, affecting the Android Framework and Google Play system updates.

3. **Exploitation and Discovery**:
   - Both vulnerabilities are noted to be exploited in limited, targeted attacks; Google did not disclose specifics of the exploitation.
   - **CVE-2024-43047** was discovered by **Amnesty International**, which indicates potential targeted spyware usage.

4. **Critical Vulnerabilities**:
   - Of the remaining fixed vulnerabilities, **CVE-2024-38408** is classified as critical and also impacts Qualcomm’s proprietary components.

5. **Affected Android Versions**:
   - Security issues affect Android versions **12 to 15**; some are limited to specific versions.

6. **Patch Levels**:
   - Google issues two patch levels each month. For November:
     - **2024-11-01 Patch Level**: Addresses 17 core vulnerabilities.
     - **2024-11-05 Patch Level**: Addresses the initial 17 plus an additional 34 vendor-specific fixes.

7. **Update Instructions**:
   - To apply the latest updates:
     - Go to **Settings > System > Software updates > System update** or **Settings > Security & privacy > System & updates > Security update**.
     - A device restart will be required.

8. **Support for Older Versions**:
   - Android **11 and older** are no longer fully supported but might receive security updates for critical issues through Google Play.
   - Recommended actions for these devices include upgrading to newer models or using third-party Android distributions.

### Action Items:
- Ensure devices running affected Android versions are updated promptly.
- Consider replacement or upgrade strategies for devices on Android 11 and older.
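
The patch levels and version ranges above can be checked across a fleet from `adb shell getprop` output. The following is an added example, not code from the article or from Google; the status labels, function names and sample dumps are constructed for illustration, and `ro.build.version.release` and `ro.build.version.security_patch` are the standard Android build properties.

```python
import re
from datetime import date

# Patch levels the page gives for the November 2024 bulletin.
CORE_LEVEL = date(2024, 11, 1)  # 17 core fixes
FULL_LEVEL = date(2024, 11, 5)  # core fixes plus 34 vendor-specific fixes

# `getprop` prints one property per line as: [key]: [value]
PROP_RE = re.compile(r"^\[([^\]]+)\]:\s*\[([^\]]*)\]$")


def parse_getprop(text):
    """Turn `adb shell getprop` output into a dict of properties."""
    props = {}
    for line in text.splitlines():
        match = PROP_RE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def classify(props):
    """Map a device's properties to a status for this bulletin."""
    release = props.get("ro.build.version.release", "")
    patch = props.get("ro.build.version.security_patch", "")
    try:
        major = int(release.split(".")[0])
        level = date.fromisoformat(patch)
    except ValueError:
        return "unknown"  # missing or malformed property: check by hand
    if major <= 11:
        return "unsupported"  # Android 11 and older: plan replacement
    if level >= FULL_LEVEL:
        return "patched"
    if level >= CORE_LEVEL:
        return "core-only"  # vendor-specific fixes still missing
    return "unpatched"


# Constructed sample dumps (not from real devices).
SAMPLES = {
    "phone-a": "[ro.build.version.release]: [14]\n[ro.build.version.security_patch]: [2024-11-05]",
    "phone-b": "[ro.build.version.release]: [13]\n[ro.build.version.security_patch]: [2024-11-01]",
    "phone-c": "[ro.build.version.release]: [15]\n[ro.build.version.security_patch]: [2024-10-05]",
    "tablet-d": "[ro.build.version.release]: [10]\n[ro.build.version.security_patch]: [2021-08-01]",
}

if __name__ == "__main__":
    for name, dump in SAMPLES.items():
        print(name, classify(parse_getprop(dump)))
```

A device reported as `core-only` has the 2024-11-01 level but not the vendor-specific fixes delivered with 2024-11-05.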
