Several vulnerabilities have been discovered in the Google Android operating system, the most serious of which could allow remote code execution in the context of the logged in user. Following the MITER ATT&CK framework, the exploitation of the most severe of these vulnerabilities can be classified as follows:
Tactical: Execution (TA0002)
Technical: Operation for customer execution (T1203):
- A vulnerability in the system that could allow remote code execution. (CVE-2024-43767)
- Multiple vulnerabilities in Framework that could allow privilege escalation. (CVE-2024-43764, CVE-2024-43769)
- Several vulnerabilities in the system that could allow escalation of privileges. (CVE-2024-43097, CVE-2024-43768)
Details of lower severity vulnerabilities are as follows:
- Multiple vulnerabilities in Imagination Technologies. (CVE-2024-43077, CVE-2024-43701)
- A vulnerability in MediaTek components. (CVE-2024-20125)
- A vulnerability in Qualcomm components. (CVE-2024-33063)
- Multiple vulnerabilities in Qualcomm closed-source components. (CVE-2024-33044, CVE-2024-33056, CVE-2024-43048, CVE-2024-43052)
Successful exploitation of the most severe of these vulnerabilities could enable remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, modify or delete data; or create new accounts with full rights.
