Google alerts users to a security vulnerability affecting its Android operating system that is currently being actively exploited in the wild. A privilege escalation flaw in the Android Framework component has been identified as the vulnerability, which is tracked as CVE-2024-43093. Although Google stated in its monthly bulletin that there are signs the vulnerability "may be under limited, targeted exploitation," there are currently no details regarding how it is being used as a weapon in actual attacks.

Additionally, the tech giant reported that a security flaw in Qualcomm chipsets that has since been fixed has been actively exploited. A successful exploitation of the Digital Signal Processor (DSP) Service's use-after-free vulnerability could result in memory corruption. Although it might have been used as part of highly targeted spyware attacks directed at members of civil society, the advisory provides no information on the exploit activity targeting the flaw or when it might have begun.