A vulnerability (CVE-2024-43093) has been discovered in Google Android that could allow for remote code execution.  Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of this vulnerability could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Systems Affected
Android OS Patch levels prior to 2024-11-01

What You Should Do
Android users should promptly install the November security update to protect their devices from actively exploited vulnerabilities. There are two patches available: 

  • 11th November Patch Level (2024-11-01): Focusing on core Android components, including the framework and system 
  • 5th November Patch Level (2024-11-05): Mitigates security vulnerabilities specific to certain hardware components, including those by Qualcomm, MediaTek, Imagination Technologies, and others. 

Questions?  Reach out to a member of the BMT Support Team!