Google Patches 2 Actively Exploited Android Zero-Day Flaws

The November security update addresses 51 vulnerabilities across Android versions 12 to 15, including one critical Qualcomm component flaw.

Google has released its November 2024 security update for Android devices, covering over 50 vulnerabilities, Bleeping Computer reports. Notably, it covers two zero-day flaws currently being exploited in targeted attacks.

Zero-day vulnerabilities are security flaws unknown to the software vendor that remain unpatched at the time of their discovery. They are called "zero-day" because the vendor has had zero days to create and release a fix.

The two vulnerabilities, known as CVE-2024-43047 and CVE-2024-43093, are classified as "high-severity" issues. CVE-2024-43047 affects Qualcomm components in the Android kernel, while CVE-2024-43093 impacts the Android Framework and Google Play system updates. Both could allow attackers to gain privileges on affected devices.

Security researchers discovered these vulnerabilities, adding that they may have been used in spyware attacks. Google has not provided details about how they ...