Google announced on Monday that it had released over 40 security updates for Android during November, including fixes to two vulnerabilities actively exploited in attacks.
The first vulnerability, CVE-2024-43047, was discovered last month after Amnesty International and Google’s Threat Analysis Group (TAG) found evidence of it being exploited in the wild. Qualcomm released patches for the issue back then, describing it as a serious “use-after-free” bug, Security Week reports.
Qualcomm urged OEMs (the companies that make Android phones and Android tablets) to deploy the update on affected devices as soon as possible.
The discovery of CVE-2024-43047 by Google and Amnesty suggests that it may have been exploited by a commercial spyware vendor targeting Android devices.
The second vulnerability, CVE-2024-43093, is a serious bug in Android. Google warns that both vulnerabilities “may be under limited, targeted exploitation” but has not shared details of specific attacks.
CVE-2024-43047 was fixed with the first November update of Android, which fixes a total of 17 serious vulnerabilities in the system. The second, security patch 2024-11-05, contains an additional 23 vulnerability fixes, including CVE-2024-43093, as well as updated kernel versions.
Google also announced that the November 2024 security update for Wear OS includes fixes for two bugs in addition to the vulnerabilities addressed in Android’s November security bulletin.
This article originally appeared on our sister publication PC för Alla and was translated and adapted from Swedish.