on monday, Google has released an update for Android This determines the disadvantages of zero day “may be under a limited targeted exploitation,” as the company explained. This means that Google realizes that infiltrators were and may still use errors to waive Android devices in the real world scenarios.
One of the two zero days that are now installed, followed Cve-2024-53197It was identified by Amnesty International in cooperation with Benoa Seven of the Google threat analysis group, the technology giant security team that tracks government -backed electronic attacks.
In February, Amnesty said it found that Celbrite, a company that sells law enforcement devices to cancel its lock and analyze it criminally, takes advantage of a series of three The weaknesses of the zero day To penetrate Android phones.
Contact us
Do you have more information about Android Zero Tays? From a non-action device, you can connect to Lorenzo Franceschi-Bicchierai securely to indicate +1 917 257 1382, or via Telegram and Keybaserenzofb, or Email. You can also call the techcrunch via Securedrop.
In this case, Amnesty found that the weaknesses, including those corrected on Monday, It is used against a Serbian student activist By local authorities armed with Cellebrite.
However, there is not much information, in the second weakness, CVE-2024-53150, corrected on Monday, unlike the fact that its discovery was also attributed to the Google seventies and that the faults were I found in the nucleusThe essence of the operating system.
Google did not immediately respond to a request for comment.
Amnesty spokeswoman, Hijara Mary, said that unhappy organizations had nothing to participate in this stage.
“The strongest of these issues is a decisive security weakness in the component of the system, which can lead to an escalation of a distance of concession without the need for additional implementation privileges”, and that “the user interaction is not needed to exploit.”
Google said it will pay the source code for two steadfast days within 48 hours of consultations, noting that Android partners “are notified of all problems at least a month before the publication.”
Looking at the open source of Android, each phone factory has now to pay corrections to its users.
This story was updated to include the response of Amnesty.
https://techcrunch.com/wp-content/uploads/2020/04/GettyImages-924145016.jpg?resize=1200,800
Source link