Google has addressed 62 Android security vulnerabilities, including two actively exploited zero-day flaws, as part of this month's security update, reports BleepingComputer.More significant of the patched zero-days is the high-severity Linux kernel privilege escalation bug, tracked as CVE-2024-53197, which is part of a Cellebrite-developed exploit chain leveraged by Serbian authorities to infiltrate a targeted Android device. Such an exploit chain by the Israeli digital forensics firm also included the recently patched USB Video Class and Human Interface Devices zero-days, tracked as CVE-2024-53104 and CVE-2024-50302, respectively. Google also fixed the Android Kernel information disclosure zero-day, tracked as CVE-2024-53150, which could be abused to facilitate sensitive data compromise even without interactions from the targeted user, as well as 60 other bugs, which are mostly high-severity privilege escalation issues. Such a development comes months after Google fixed the zero-day bug, tracked as CVE-2024-43047, which has been utilized in Serbian intrusions deploying the NoviSpy malware.
Widely used workplace time tracking and productivity monitoring software WorkComposer had over 21 million screenshots of employee devices unintentionally leaked by an unprotected Amazon S3 bucket, Cybernews reports.