Google says Android zero-day was exploited in the wild
Google has patched a “high-severity” vulnerability that may be “under limited, targeted exploitation” in Android devices.
In an advisory on Monday, Google said that the bug, tracked as CVE-2024-36971, impacts the Linux kernel — a core component of an operating system that serves as a bridge between the software and the physical hardware of a computer.
The vulnerability allows hackers to remotely execute code on the affected device, Google said. The company hasn’t provided any details about specific attacks or which threat actor was behind them.
For the exploit to be successful, the attacker would need to have system-level privileges, the highest level of access permissions.
Google’s August patch addressed a total of 47 flaws, including those in Arm, Imagination Technologies, MediaTek and Qualcomm components. Most of them have been assigned a “high severity” rating.
The new Android zero-day was discovered by Clement Lecigne of Google's Threat Analysis Group. He has previously reported mostly on zero-day flaws exploited in espionage attacks.
Earlier this year, researchers from Google warned that zero-day exploits — those that can be used to compromise devices before anyone is aware they’re vulnerable — have become more common as nation-state hackers and cybercriminals find sophisticated ways to carry out their attacks.
In a report in March, Google said it observed 97 zero-days exploited in the wild in 2023, compared to 62 in 2022 — a 50 percent increase. Forty-eight of the vulnerabilities were attributed to espionage actors while the remaining 49 were attributed to financially-motivated hackers.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.