August 14, 2024

CVE-2024-36971

Lookout Coverage and Recommendation for Admins

To ensure your devices are protected, Lookout admins should take the following steps in their Lookout console:

  • Enable the Patch Level Out of Date policy in the Protections tab. We suggest you manually choose Android Security Patch Level (ASPL) 2024-08-05 as the minimum level.
  • Enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that are built to exploit these vulnerabilities in order to phish credentials or deliver malicious apps to the device.
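
To see which devices would fall below the recommended minimum before enforcing the policy, the following added example (not Lookout's code or part of the original advisory) audits a device inventory against ASPL 2024-08-05. It assumes a CSV export with a `security_patch` column holding each device's `ro.build.version.security_patch` value; the column names and device IDs are hypothetical.

```python
import csv
import io
from datetime import date

# Minimum Android Security Patch Level recommended on this page.
MIN_ASPL = date(2024, 8, 5)

# Constructed sample inventory (hypothetical device IDs; not real data).
# security_patch holds the value of ro.build.version.security_patch.
SAMPLE_INVENTORY = """device_id,model,security_patch
dev-001,Pixel 8,2024-08-05
dev-002,Pixel 6a,2024-08-01
dev-003,Galaxy S23,2024-07-01
dev-004,Moto G,
dev-005,Tablet X,2024-13-40
dev-006,Pixel 9,2024-09-05
"""

def parse_aspl(value):
    """Return the patch level as a date, or None if missing or malformed."""
    try:
        return date.fromisoformat(value.strip())
    except (ValueError, AttributeError):
        return None

def audit(inventory_csv, minimum=MIN_ASPL):
    """Classify each device as compliant, outdated, or unknown."""
    report = {"compliant": [], "outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        level = parse_aspl(row.get("security_patch") or "")
        if level is None:
            # Treat unreadable patch levels as a finding, not as a pass.
            report["unknown"].append(row["device_id"])
        elif level >= minimum:
            report["compliant"].append(row["device_id"])
        else:
            # Record how many days the device lags behind the minimum.
            report["outdated"].append((row["device_id"], (minimum - level).days))
    return report

if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY)
    for dev, lag in result["outdated"]:
        print(f"{dev}: {lag} days behind {MIN_ASPL.isoformat()}")
    print("unknown patch level:", ", ".join(result["unknown"]))
    print("compliant:", ", ".join(result["compliant"]))
```

Note that a device reporting 2024-08-01 is still flagged as outdated, because the minimum recommended above is the 2024-08-05 level.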

Overview 

Google has recently disclosed a new zero-day vulnerability affecting all devices running its Android operating system. The vulnerability, CVE-2024-36971, is a use-after-free (UAF) vulnerability in the Linux kernel’s network route management capabilities. UAF vulnerabilities occur when a program continues to use a memory location after it has been freed, which an attacker can then exploit to compromise that program.

There have also been indications from Google that a known exploit for this vulnerability exists in the wild. While it hasn’t been disclosed who is behind the exploit, the National Vulnerability Database (NVD) has rated this vulnerability with a high risk score of 7.8/10. It appears that user interaction is unnecessary for a successful exploit, which would grant the attacker the ability to execute arbitrary code remotely without the user’s knowledge.

Lookout Analysis

While Google had released a patch for Pixel devices at the time of writing, there is an inevitable window between when a patch is released and when users actually install it. A second gap occurs while other Android device manufacturers test the Google patch for their own devices. Both give attackers more opportunity and a greater chance of success.

It may be possible to exploit this vulnerability without any user interaction on the device by sending maliciously crafted packets to the device. Given that this vulnerability is found in the core network stack of the kernel, it has the potential to affect all manufacturers of Android devices.

Authors

Lookout

Cloud & Endpoint Security

Lookout, Inc. is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack. Data is at the core of every organization, and our approach to cybersecurity is designed to protect that data within today’s evolving threat landscape no matter where or how it moves.

Threat Type: Vulnerability
Platform(s) Affected: Android
Entry Type: Threat Guidances