Google fixed actively exploited Android flaw CVE-2024-32896
Google has patched a high-severity privilege escalation vulnerability in the Android operating system, tracked as CVE-2024-32896 (CVSS score 7.8), which was being actively exploited in the wild. The flaw existed in the Android Framework component and could let an attacker escalate privileges with no additional execution privileges needed, although user interaction was required. The fix was included in the Android Security Bulletin for September 2024, which noted that exploitation appeared to be limited and targeted.

Previously, Google had warned about a related vulnerability in the Pixel Firmware, CVE-2024-29748, which had also been exploited as a zero-day. The GrapheneOS project highlighted that CVE-2024-32896 is the full fix following the partial mitigation previously applied for CVE-2024-29748, which was specific to Pixel devices. The new fix allows for a wipe-without-reboot feature in Android 14 QPR3, enhancing device security.

CVEs: CVE-2024-32896, CVE-2024-29748

[View Article](https://buaq.net/go-260228.html)