Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks

Google warns of the limited, targeted exploitation of two vulnerabilities resolved with the latest Android security update.

Google on Monday announced patches for more than 40 vulnerabilities as part of Android’s November 2024 set of security updates, including two flaws that have been exploited in attacks.

Tracked as CVE-2024-43047, the first of the exploited security defects was disclosed last month, after Amnesty International and Google’s Threat Analysis Group (TAG) found evidence of in-the-wild exploitation.

Qualcomm released patches for the issue last month, warning that it affects dozens of chipsets and describing it as a high-severity use-after-free bug in the Digital Signal Processor (DSP) service.

“Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible,” Qualcomm said last month.

The fact that CVE-2024-43047 was discovered by Google and Amnesty suggests ...