By admin 
Google has warned that a security flaw affecting its Android operating system is being actively exploited in the wild.
The vulnerability, tracked as CVE-2024-43093, is described as a privilege escalation flaw in the Android Framework component that can result in unauthorized access to the “Android/data”, “Android/obb” and “Android/sandbox” folders . and its subdirectories, according to a code commit message.
There are currently no details on how the vulnerability will be weaponized in real-world attacks, but Google recognized in its monthly bulletin that there are indications it “may fall under limited, targeted exploitation.”
The tech giant has also marked CVE-2024-43047, a now patched security flaw in Qualcomm chipsets, as actively exploited. A use-after-free vulnerability in the Digital Signal Processor (DSP) Service, successful exploitation of which could lead to memory corruption.
Last month, the chip maker credited Google Project Zero researchers Seth Jenkins and Conghui Wang for reporting the flaw, and Amnesty International Security Lab for confirming the in-the-wild activity.
The advisory does not provide details on the exploit activity that targeted the flaw, or when it may have started, although it is possible that it was used as part of highly targeted spyware attacks targeting members of civil society.
It is also currently unknown whether both vulnerabilities were formed together as an exploit chain to escalate privileges and achieve code execution.
CVE-2024-43093 is the second actively exploited Android Framework flaw after CVE-2024-32896which was patched by Google in June and September 2024. While it was originally only fixed for Pixel devices, the company later confirmed that the flaw will impact the broader Android ecosystem.
Did you find this article interesting? Follow us further Tweet And LinkedIn to read more exclusive content we post.