CVERadar

CVE-2024-31317

Critical Severity
Vendor: Google
SVRS: 73/100
CVSSv3: 7.8/10
EPSS: 0.02623/1

CVE-2024-31317 describes a critical vulnerability in ZygoteProcess.java, potentially allowing arbitrary code execution as any app. Unsafe deserialization via WRITE_SECURE_SETTINGS allows local escalation of privilege, and no user interaction is required. The CVSS score is 7.8, indicating high severity, and the SOCRadar Vulnerability Risk Score (SVRS) of 73 further emphasizes the risk. While the SVRS is not in the critical zone (80+), its proximity warrants close monitoring and potentially proactive patching. The "In The Wild" tag means the vulnerability is actively exploited, which increases urgency. Successful exploitation could compromise app data and system security.

In The Wild
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2024-07-09

2024-12-17
SOCRadar
AI Insight

Description

CVE-2024-31317 is a vulnerability affecting ZygoteProcess.java, a core component of Android. This vulnerability allows for potential code execution as any application due to unsafe deserialization in multiple functions, potentially leading to local escalation of privilege. Exploitation requires user execution privileges but does not necessitate user interaction.

SVRS: While the CVSS score is 7.8, indicating a high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a lower urgency for immediate action. This discrepancy highlights the value of SVRS in providing a more nuanced and contextually aware risk assessment.

Key Insights

  • Unsafe Deserialization: The vulnerability arises from unsafe deserialization within ZygoteProcess.java. Deserialization, the process of converting data from a serialized format back into an object, can be vulnerable to attacks if not handled securely. Attackers can exploit this vulnerability to execute arbitrary code within the target system.
  • Local Escalation of Privilege: The vulnerability allows an attacker with user execution privileges to escalate their privileges and potentially gain complete control over the device.
  • No User Interaction Required: Exploitation of this vulnerability does not require any user interaction, making it potentially easier for attackers to compromise devices.
  • Exploit Status: While the exploit status remains unknown based on the provided data, it is crucial to monitor for the availability of exploits and react promptly to any published exploits.

Mitigation Strategies

  • Update Android System: Ensure your Android system is running the latest security patches. This should include the necessary updates to address this specific vulnerability.
  • Limit Permissions: Minimize the permissions granted to applications, particularly those with access to sensitive data or system functions. Restricting permissions can limit the impact of this vulnerability even if exploited.
  • Use Reputable Applications: Download and install applications only from trusted sources like the Google Play Store to minimize the risk of installing malicious applications that could exploit this vulnerability.
  • Monitor for Exploits: Actively monitor for information about exploits targeting this vulnerability and deploy mitigations quickly.

Additional Information

For further details on this vulnerability or other cybersecurity concerns, you can utilize the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

Android Zygote Injection Vulnerability Let Attackers Execute Code & Escalate Privileges
Tushar Subhra Dutta, 2025-03-11
A critical Android vulnerability identified as CVE-2024-31317 has been discovered that allows attackers to execute arbitrary code with system privileges. The “Zygote Injection” vulnerability affects devices running Android 11 or older and enables attackers to escalate privileges from a shell user to the system user, potentially compromising entire devices. The vulnerability has been described by […]
cybersecuritynews.com
Android Zygote Injection Flaw Lets Attackers Execute Code & Gain Elevated Privileges
Aman Mishra, 2025-03-10
A significant vulnerability in the Android operating system, identified as CVE-2024-31317, has been discovered, allowing attackers to exploit the Zygote process for system-wide code execution and privilege escalation. This flaw affects devices running Android 11 or older, highlighting a critical security risk in the Android ecosystem. Background and Vulnerability Details: The Zygote process is a […]
gbhackers.com
Exploiting Android Zygote Injection (CVE-2024–31317)
David de Villiers, 2025-02-27
How Android Zygote Injection Enables System-Wide Code Execution and Privilege Escalation
medium.com
CVE-2024-31317 | Google Android 12/12L/13/14 ZygoteProcess.java WRITE_SECURE_SETTINGS deserialization
vuldb.com, 2024-12-17
A vulnerability was found in Google Android 12/12L/13/14. It has been classified as problematic. Affected is the function WRITE_SECURE_SETTINGS of the file ZygoteProcess.java. The manipulation leads to deserialization. This vulnerability is traded as CVE-2024-31317. An attack has to be approached locally. There is

Social Media

The Android Zygote Processor Critical vulnerability CVE-2024-31317 The main issue is that the permission of any UID in the Android system can be obtained by using this vulnerability, which is similar to breaking through the Android sandbox and obtaining the permission of any https://t.co/e8IPNhigRF
Arbitrary Code Execution as any Android app via Zygote command injection - CVE-2024-31317 - https://t.co/JD5CR06C2D #MobileSecurity #Android #RCE #bugbountytips #cve https://t.co/u26o45ao0T
Actively exploited CVE : CVE-2024-31317
New vulnerability CVE-2024-31317 in Android Zygote allows system-wide code execution and privilege escalation on devices running Android 11 or older. ⚠️ Protect devices! #AndroidVulnerability #ZygoteInjection #USA link: https://t.co/EdHDxLZebe https://t.co/6MV0lij57S

Affected Software

Configuration 1
Type | Vendor | Product
OS | Google | android

References

Reference | Link
[email protected] | https://android.googlesource.com/platform/frameworks/base/+/e25a0e394bbfd6143a557e1019bb7ad992d11985
[email protected] | https://source.android.com/security/bulletin/2024-06-01
AF854A3A-2127-422B-91AE-364DA2661108 | https://android.googlesource.com/platform/frameworks/base/+/e25a0e394bbfd6143a557e1019bb7ad992d11985
AF854A3A-2127-422B-91AE-364DA2661108 | https://source.android.com/security/bulletin/2024-06-01

CWE Details

CWE ID | CWE Name | Description
CWE-502 | Deserialization of Untrusted Data | The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
