Monday, Google released an update on Android This determines two zero -day defects that “can be limited, targeted exploitation”, as the company put it. This means that Google knows that hackers were and can still use errors to reconcile Android devices in real world scenarios.
One of two now fixed zero days, which is being watched as CVE-2024-53197It was recognized by Amnesty International in collaboration with Google Manalyly Analysis Group, the Tech Giant security team watching government government government.
In February, Amnesty said that it had found that Cellebrite, a company selling devices in enforcing the law on unlocking and forensic analysis of phones, benefited from a chain of three vulnerability of zero day in Hack on Android phones.
Contact us
Do you have more information about Android Zero-Days? From a non-work device, you can contact Lorenzo Franceschi-bicchierai safely on the signal on +1 917 257 1382, or via the telegraph and keybase @lorenzofb or email. You can also contact TechCrunch via securedrop.
In this case, amnesty found that the vulnerabilities, including start on Monday, used against a Serbian student activist by local authorities armed with Cellebrite.
However, there is not much information about the second vulnerability, the CVE-2024-53150, patched Monday, except that its discovery was also credited to the seven Google and that the defect was Was found in the corethe core of a operating system.
Google did not immediately respond to request for comments.
Amnesty spokesman Hajira Maryam said the non -profit organization had nothing to share at this point.
The technological giant said in his advice that “the most serious of these issues is a critical vulnerability of the system’s element that could lead to a remote escalation of the privilege without the need for additional execution privileges” and that “the interaction of users is not required for exploitation”.
Google has said it would promote the source code patches for the two fixed zero days within 48 hours of counseling, while noting that Android’s partners are “informed of all issues at least one month before the publication”.
Given the nature of Android’s open source, every phone maker must now push the patches to its users.
This story was informed to include Amnesty’s response.
