Google Patches Two Critical Android Zero-Day Vulnerabilities Targeted by Hackers

Google Patches Two Critical Android Zero-Day Vulnerabilities Targeted by Hackers

On Monday, Google announced an important Android update aimed at addressing two critical zero-day vulnerabilities, which have potentially been exploited by hackers. This update is crucial for ensuring the security and integrity of Android devices worldwide.

Understanding the Android Zero-Day Vulnerabilities

These two zero-day vulnerabilities, identified as CVE-2024-53197 and CVE-2024-53150, were acknowledged by Google as being under “limited, targeted exploitation.” This indicates that hackers may have been actively using these flaws to compromise Android devices.

Details on CVE-2024-53197

The first vulnerability, CVE-2024-53197, was discovered by Amnesty International in collaboration with Benoît Sevens from Google’s Threat Analysis Group. This group specializes in tracking cyber threats from government-backed entities.

In February, Amnesty International revealed that Cellebrite, a company known for providing law enforcement with tools for phone unlocking and forensic analysis, had exploited a series of three zero-day vulnerabilities to gain unauthorized access to Android devices.

Impact on Activists

Amnesty’s findings highlighted the use of these vulnerabilities against a Serbian student activist, who was targeted by local authorities using Cellebrite’s technology.

Insights on CVE-2024-53150

While specific details about the second vulnerability, CVE-2024-53150, are sparse, it is confirmed that this flaw was also identified by Google’s Sevens and resides within the Android kernel, which is the core component of the operating system.

Google’s Response and Recommendations

In its advisory, Google emphasized that the most critical of these vulnerabilities poses a significant risk. It noted that this security flaw in the System component could facilitate remote privilege escalation without requiring user interaction or additional execution privileges.

Google has stated that it will release source code patches for these vulnerabilities within 48 hours of this advisory. Furthermore, Android partners are informed of such issues at least a month prior to public disclosure, ensuring timely updates.

READ ALSO  North Korea Linked to $1.4 Billion Bybit Crypto Heist: Researchers Uncover Shocking Allegations

Importance of Timely Updates

Given the open-source nature of Android, it is essential for every phone manufacturer to implement these patches promptly for their users. Regular updates are critical in maintaining device security and protecting against potential cyber threats.

If you have more information about Android zero-day vulnerabilities, please reach out securely to Lorenzo Franceschi-Bicchierai via Signal at +1 917 257 1382, or contact via Telegram and Keybase @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.

Similar Posts

Google Unveils SpeciesNet: The Revolutionary AI Model for Wildlife Identification

Unlocking Creativity: How Google’s New AI Model Effortlessly Removes Watermarks from Images

Bysupport

Social media users have discovered that Google’s Gemini 2.0 Flash AI model can remove watermarks from images, including those from stock media companies like Getty Images. This functionality has ignited debates over copyright and ethical usage in the digital realm. While the model’s advanced image generation and editing capabilities are impressive, its lack of restrictions raises ethical concerns. Other AI tools, such as Claude 3.7 Sonnet, avoid watermark removal, deeming it unethical and potentially illegal. Currently labeled as “experimental,” Gemini 2.0 Flash’s potential for misuse emphasizes the need for careful consideration of AI applications in the context of copyright laws.

Single Default Password Puts Multiple Apartment Buildings at Risk: A Security Wake-Up Call

Single Default Password Puts Multiple Apartment Buildings at Risk: A Security Wake-Up Call

Bysupport

A critical security vulnerability in the Enterphone MESH door access system has been uncovered, allowing unauthorized remote access to door locks and elevators in buildings across the U.S. and Canada. Security researcher Eric Daigle revealed that the default password enables easy exploitation, leading to the vulnerability being classified as CVE-2025-26793. Despite its severity rating of 10, Hirsch, the system’s owner, claims it is a design feature and will not address the issue. Many buildings remain vulnerable due to unaltered default passwords, emphasizing the urgent need for better password management practices to enhance security.

Google Removes 'Diversity' and 'Equity' References from Responsible AI Team Page: What It Means for Inclusion in Tech

Google Removes ‘Diversity’ and ‘Equity’ References from Responsible AI Team Page: What It Means for Inclusion in Tech

Bysupport

Google has updated its Responsible AI and Human Centered Technology team webpage, removing references to “diversity” and “equity,” which has raised concerns in the tech community. The new language focuses on more vague terms while omitting mentions of marginalized and underrepresented groups. This change follows similar actions by Google, such as altering its Startups Founders Fund grant website and announcing the elimination of diversity hiring targets. Other tech giants like Amazon, Meta, OpenAI, and Apple are also reassessing their diversity initiatives amid a broader political climate scrutinizing DEI practices. The future of DEI in tech remains uncertain as companies adapt to these challenges.

Revealed: Inside China's AI Censorship Machine – Leaked Data Uncovers the Truth

Revealed: Inside China’s AI Censorship Machine – Leaked Data Uncovers the Truth

Bysupport

A leaked dataset has revealed an advanced AI censorship system in China, enhancing government control over online discourse. The dataset contains about 133,000 examples of flagged content, covering sensitive topics like the Tiananmen Square massacre, pollution, and labor disputes. Experts, including UC Berkeley’s Xiao Qiang, note that this system, which utilizes large language models, increases censorship efficiency beyond traditional methods. Found by security researcher NetAskari on an unsecured Baidu server, the dataset raises concerns about data privacy. This AI-driven approach indicates a systematic effort to suppress dissent and manipulate public opinion under the Cyberspace Administration of China.

Senator Blocks Trump’s CISA Director Nominee Over Telecom Security 'Cover-Up' Concerns

Senator Blocks Trump’s CISA Director Nominee Over Telecom Security ‘Cover-Up’ Concerns

Bysupport

Democratic Senator Ron Wyden has placed a hold on Sean Plankey’s nomination as director of the Cybersecurity and Infrastructure Security Agency (CISA) due to concerns over a “multi-year cover-up” of security flaws in U.S. telecommunications. Wyden demands the release of a 2022 unclassified report detailing these vulnerabilities before supporting Plankey. He emphasizes the public’s right to know about critical telecom security issues, especially in light of the Salt Typhoon hacking incidents linked to Chinese spies. Wyden has introduced legislation for minimum cybersecurity standards for phone companies, highlighting the urgent need for accountability in the sector.

Massive PowerSchool Data Breach Exposes Personal Information of 16,000 UK Students

PowerSchool Network Breach: Hacker Infiltrated System Months Ahead of December Security Collapse

Bysupport

A significant data breach involving U.S. edtech company PowerSchool has been revealed, following an investigation by cybersecurity firm CrowdStrike. The unauthorized access began as early as August 2024, months before the major breach reported in December 2024. PowerSchool confirmed that hackers exploited compromised support credentials, leading to unauthorized activity between December 19 and December 28, 2024. While CrowdStrike noted the lack of definitive links between the earlier access and the December breach, they indicated that timely action could have mitigated the incident. Concerns grow as over 60 million students’ personal information may be compromised, but PowerSchool has not disclosed specific numbers.

Leave a Reply

Your email address will not be published. Required fields are marked *