Google Highlights an Actively-Exploited Android Vulnerability

Security flaws are vulnerabilities that come out of certain issues and contradictions in code. Bad actors can use these gaps in code to bypass security measures and take advantage of a device or network. As such, they’re dangerous, and should be patched immediately.

Unfortunately, some vulnerabilities cannot be patched before bad actors discover a way to exploit them. In this case, it’s a race to deliver a security update before users are affected by these flaws. It is against that backdrop that Google has made an announcement: The company has discovered a new security flaw within Android that bad actors are actively exploiting in the wild.

Google identified the flaw as CVE-2024-43093, a privilege escalation flaw in Android Framework which could allow bad actors to gain unauthorized access to many Android directories and sub-directories. The company has not identified much how the flaw is being exploited out in the world, and to what degree bad actors have used it, other than to say it “may be under limited, targeted exploitation.”

The discovery comes roughly a week after Google’s Project Zero announced its AI agent had discovered a zero-day vulnerability, the first time an AI program located a zero-day security flaw on its own.

As usual, the best course of action is to install the latest security patches on your Android devices as soon as they release. If you haven’t done so lately, open the updates section of your Settings app to make sure your device is patched.