Topics
later
AI
Amazon
Image Credits:David Paul Morris/Bloomberg / Getty Images
Apps
Biotech & Health
mood
Cloud Computing
Commerce
Crypto
go-ahead
EVs
Fintech
Fundraising
convenience
game
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
concealment
Robotics
Security
Social
Space
Startups
TikTok
Transportation
Venture
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
adjoin Us
On Monday , Google released an update for Androidthat fixes two zero - day flaw that “ may be under limited , targeted exploitation , ” as the company put it . That think of Google is cognizant that hackers have been and may still be using the bugs to compromise Android devices in real - world scenarios .
One of the two now - fixed zero - mean solar day , track asCVE-2024 - 53197 , was key out by Amnesty International in collaboration with Benoît Sevens of Google ’s Threat Analysis Group , the tech giant ’s security squad that tracks government - backed cyberattacks .
In February , Amnesty enjoin it had find that Cellebrite , a party that sells devices to legal philosophy enforcement for unlocking and forensically canvas phone , was involve reward of a chain of threezero - twenty-four hours vulnerabilitiesto hack into Android phones .
In this typeface , Amnesty find oneself the vulnerabilities , including the one patched on Monday , being used against a Serbian student activistby local authorities armed with Cellebrite .
There is n’t a lot of information , however , on the second vulnerability , CVE-2024 - 53150 , patched on Monday , other than the fact that its discovery was also credited to Google ’s Sevens and that the fault wasfound in the kernel , the core of an operating system .
Google did not immediately respond to a request for comment .
Amnesty spokesperson Hajira Maryam say the non - profits did not have anything to share at this point .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
The tech behemoth said in its advisory that “ the most spartan of these issue is a critical security exposure in the System component that could take to remote escalation of perquisite with no additional execution exclusive right needed , ” and that , “ user fundamental interaction is not needed for victimization . ”
Google tell that it would push source code plot of land for the two fixed zero - days within 48 hours of the advisory , while also noting that Android partners are “ notified of all issues at least a month before publication . ”
Given Android ’s undefended beginning nature , every speech sound manufacturer now has to push patches out to their own users .
This story was update to admit Amnesty ’s response .
