Google fixes two Android Zero Day bugs that hackers actively exploited

on monday, Google has released an update for Android This corrects two zero-day flaws, as the company said, “may be under limited targeted exploitation.” This means that Google is aware that hackers are using bugs to compromise Android devices in real-world scenarios.

One of two currently fixed zero-days tracking AS CVE-2024-53197was identified by Amnesty International in collaboration with Benoît Sevens, a security team at Google’s Threat Analysis Group, a government-sponsored cyberattacks tracking.

In February, Amnesty said it was found that Celbright, a company that sells devices to law enforcement to unlock and analyze mobile phones, was using three chains. Zero Day Vulnerability Hacking on Android phone.

In this case, Amnesty discovered a vulnerability, including one patched on Monday. Used against Serbian student activists By local governments armed with celebrity lights.

However, there is not much information about the second vulnerability, CVE-2024-53150. That discovery was also credited to Google’s Seven, and was patched on Monday, except for the fact that it was flawed. Found in the kernelthe core of the operating system.

Google and Amnesty did not respond immediately to requests for comment.

“The most serious of these issues are critical security vulnerabilities in system components that can lead to remote escalation of privileges without requiring additional execution privileges,” Tech Giant said in the advisory.

Google pushed two fixed zero-day source code patches within 48 hours of the advisory, while also noting that Android partners “were notified of all issues at least one month prior to publication.”

Given the open source nature of Android, every phone maker needs to push the patch out on their users.