Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation
- by nlqip
Multiple vulnerabilities have been discovered in Google Products that could allow for privilege escalation and remote code execution in the context of the affected component. Following the MITRE ATT&CK framework, exploitation of these vulnerabilities can be classified as follows:
Tactic: Privilege Escalation (TA0004):
Technique: Abuse Elevation Control Mechanism (T1548):
- Multiple vulnerabilities in Framework that could allow for elevation of privilege. (CVE-2023-20971, CVE-2023-21351, CVE-2024-34731, CVE-2024-34734, CVE-2024-34735, CVE-2024-34737, CVE-2024-34738, CVE-2024-34739, CVE-2024-34740, CVE-2024-34741, CVE-2024-34743)
- A vulnerability in Kernel that could allow for remote code execution. (CVE-2024-36971)
Additional lower severity vulnerabilities include:
- A vulnerability in Framework that could allow for information disclosure. (CVE-2024-34736)
- A vulnerability in Framework that could allow for denial of service. (CVE-2024-34742)
- A vulnerability in System that could allow for information disclosure. (CVE-2024-34727)
- Multiple vulnerabilities in Arm components. (CVE-2024-2937, CVE-2024-4607)
- A vulnerability in MediaTek components. (CVE-2024-20082)
- Multiple vulnerabilities in Qualcomm components. (CVE-2024-21478, CVE-2024-23381, CVE-2024-23382, CVE-2024-23383, CVE-2024-23384, CVE-2024-33010, CVE-2024-33011, CVE-2024-33012, CVE-2024-33013, CVE-2024-33014, CVE-2024-33015, CVE-2024-33018, CVE-2024-33019, CVE-2024-33020, CVE-2024-33023, CVE-2024-33024, CVE-2024-33025, CVE-2024-33026, CVE-2024-33027, CVE-2024-33028)
Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation and remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
Source link
lol
Multiple vulnerabilities have been discovered in Google Products that could allow for privilege escalation and remote code execution in the context of the affected component. Following the MITRE ATT&CK framework, exploitation of these vulnerabilities can be classified as follows: Tactic: Privilege Escalation (TA0004): Technique: Abuse Elevation Control Mechanism (T1548): Multiple vulnerabilities in Framework that could…
Recent Posts
- CISA warns of actively exploited Apache HugeGraph-Server bug
- Suspects behind $230 million cryptocurrency theft arrested in Miami
- Ivanti Says ‘Critical’ Cloud Gateway Vulnerability Seeing Exploitation
- Microsoft Edge will flag extensions causing performance issues
- Sophos CEO On How EDR Vendors, Microsoft Are ‘Rethinking’ Security After CrowdStrike Outage