Overview
- Description
- In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- Source
- security@android.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Known exploits
Data from CISA
- Vulnerability name
- Android Framework Privilege Escalation Vulnerability
- Exploit added on
- Nov 7, 2024
- Exploit action due
- Nov 28, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
Actively exploited CVE : CVE-2024-43093
@transilienceai
17 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. @NITDANigeria https://t.co/h3EraPnKzS
@theoloriherself
16 Nov 2024
133 Impressions
3 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. by @NITDANigeria https://t.co/4kYl0bwAyb
@Adeolaoluw71104
16 Nov 2024
56 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Android users, update phone now! CVE-2024-43093 is being exploited. Protect your device from unauthorized access. https://t.co/ELjbF630Fk
@Ahmed___khaan
15 Nov 2024
477 Impressions
3 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
Android users, update now! CVE-2024-43093 is being exploited. Protect your device from unauthorized access. https://t.co/6PE0IMaCPZ
@__yellows
15 Nov 2024
908 Impressions
7 Retweets
11 Likes
0 Bookmarks
0 Replies
0 Quotes
Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. - Overview. - Impact. - Prevention. Via - @NITDANigeria. https://t.co/kXniDr2ass
@Nawas_masood
15 Nov 2024
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. - Overview. - Impact. - Prevention. Via - @NITDANigeria. https://t.co/DeEFeX5Ie3
@zaMusbeyNe_
15 Nov 2024
433 Impressions
13 Retweets
13 Likes
0 Bookmarks
0 Replies
0 Quotes
Important Message From @NITDANigeria : Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. https://t.co/diXdwgJtUE
@Journalist_Mind
15 Nov 2024
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. https://t.co/9jvcWUR6kL
@_chiefagbabiaka
15 Nov 2024
1312 Impressions
10 Retweets
8 Likes
0 Bookmarks
1 Reply
0 Quotes
Advisory on Vulnerability CVE-2024-43093 Exploited in Android Operating System. https://t.co/fgFuIXVOUm
@NITDANigeria
15 Nov 2024
4485 Impressions
51 Retweets
70 Likes
3 Bookmarks
1 Reply
3 Quotes
🚨 #Android Vulnerability Alert: #CVE-2024-43093 Allows Privilege Escalation (Undercode Analysis) https://t.co/QfqRWTzXmJ
@UndercodeNews
15 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-43093 In shouldHideDocument of https://t.co/r3tn21m5se, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to in… https://t.co/TAOCmEWUBr
@CVEnew
13 Nov 2024
314 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥Your daily #security news! Google Warns of Actively Exploited Android Vulnerability! Google has warned that a privilege escalation flaw in the Android Framework component (CVE-2024-43093) is being actively exploited in the wild. The vulnerability could result in unauthorized…
@GuardingPearSof
11 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Latest Cyber Security News from Cyber Security Park. Google warns of actively exploited CVE-2024-43093 vulnerability in Android system, https://t.co/i5SFARbQMu
@cybersecpark
11 Nov 2024
39 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
3/10🔓Exploit in Android Framework! 🚨 CVE-2024-43093 is actively being exploited in targeted attacks. Protect yourself by staying up to date with the latest security patches. High-value individuals and organizations are particularly at risk!💥#CyberAttack #AndroidExploit
@Eth1calHackrZ
10 Nov 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2/10 💥 CVE-2024-43093: A Threat to Your Privacy⚠️This Android vulnerability targets critical directories like "Android/data" & "Android/obb". Attackers could steal personal data, install malware, or hijack your device. Stay protected — update your OS immediately!🚫#AndroidFl
@Eth1calHackrZ
10 Nov 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/10 Google Warns of Critical Android Flaw! Google has issued a warning about CVE-2024-43093, an actively exploited Android vulnerability. This flaw can give attackers unauthorized access to sensitive user data and even take control of your device. Update now!🔒#AndroidSecurity
@Eth1calHackrZ
10 Nov 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Alert: Active Exploitation of Critical Flaws 🚨 CISA warns of high-risk vulnerabilities: Palo Alto Expedition (CVE-2024-5910) Android (CVE-2024-43093) CyberPanel (CVE-2024-51567) Federal agencies advised to patch by Nov 28. #Cybersecurity #CISA #PaloAlto #Vulnerability ht
@redfoxsec
8 Nov 2024
57 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-43093 is getting exploited #inthewild. Find out more at https://t.co/BBXVZxg337
@inthewildio
8 Nov 2024
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE Alert: Android Framework Privilege Escalation Zero-day Vulnerability Exploited In-The-Wild🚨 Vulnerability Details: CVE-2024-43093 (HIGH) Android Framework Privilege Escalation Vulnerability Impact A Successful exploit may allow a remote attacker to gain elevated… https:/
@CyberxtronTech
8 Nov 2024
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Android Security Alert 🚨 Google warns of an actively exploited flaw: CVE-2024-43093 It targets critical directories in Android Framework. Another bug, CVE-2024-43047, hits Qualcomm chips, linked to spyware attacks. #safeyourweb #Hacking #CyberSecurity #Android #Infosec h
@safeyourweb
8 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google предупредила об активно эксплуатируемой уязвимости в Android Компания Google сообщала, что свежая уязвимость CVE-2024-43093 в операционной системе Android уже активно используется хакерами. Подробнее https://t.co/EwaDlAPxy3 https://t.co/GNBqMMfLxh
@pc7ooo
7 Nov 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-43093 #Android #Framework Privilege Escalation Vulnerability https://t.co/y0K4FnHDLY
@ScyScan
7 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Android Security Alert! CVE-2024-43093: A high-severity privilege escalation vulnerability in Android’s Framework component, which affects the Documents UI component within Project Mainline. This vulnerability allows attackers to elevate their access privileges,… h
@Loginsoft_Inc
7 Nov 2024
45 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Android users, beware! Google has flagged a new vulnerability (CVE-2024-43093) under active attack. Don’t leave your data exposed! 🔒 Check out the full details here: https://t.co/nKfUEgte7C #Cybersecurity #Android #Vulnerability
@StackZeroSec
7 Nov 2024
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
به تازگی گوگل ۴۰ آسیب پذیری که ۲ آسیب پذیری از آنها از نوع Zero Day بوده اند را پچ نموده است. این دو آسیب پذیری دارای کدهای شناسایی CVE-2024-43047 و CVE-2024-43093 می باشند و به هکرها بدون نیاز به سطح دسترسی خاصی امکان اجرای code را می دهند. https://t.co/Y2P1U3epiq https://t.co
@AmirHossein_sec
6 Nov 2024
42 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
آسیب پذیری CVE-2024-43093 اندروید را فورا پچ کنید! https://t.co/DwBE61nGKp
@vulnerbyte
6 Nov 2024
21 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google предупредила об активно эксплуатируемой уязвимости в Android Компания Google сообщала, что свежая уязвимость CVE-2024-43093 в операционной системе Android уже активно используется хакерами. https://t.co/PeV98R0lEH
@XakepRU
6 Nov 2024
618 Impressions
3 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Googleは、Androidシステムの特権昇格の脆弱性であるCVE-2024-43093が現在悪用されていることを警告している。 #米国ニュース https://t.co/Lu7znYzoyA
@NaoyukiszB
6 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Shaking up the technology world with this: Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System - The Hacker News https://t.co/8MXukiUMko
@bens_bot_2396
6 Nov 2024
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Googleは、Androidの権限昇格の脆弱性CVE-2024-43093が、現在悪用されていると警告している。 #米国ニュース https://t.co/Lu7znYzoyA
@NaoyukiszB
6 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-43093あたりは、実証POCあるんかな。一時rootいける?
@Qpsk1234
6 Nov 2024
189 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Google advierte sobre la vulnerabilidad CVE-2024-43093 que está siendo explotada activamente en el sistema #Android https://t.co/7Mk1jweHwU
@Masterhacks_net
5 Nov 2024
24 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google has released the November 2024 security updates for Android, addressing two critical zero-day vulnerabilities, CVE-2024-43093 and CVE-2024-43047, which were actively exploited in targeted attacks. These vulnerabilities could enable attackers to execute arbitrary code,… htt
@XArthurDent
5 Nov 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google fixes CVE-2024-43093 in Android OS #Google #Android #CVE-2024-43093 #CVE-2024-43047 https://t.co/k1SijqTW7Q
@pravin_karthik
5 Nov 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System: https://t.co/EpZC27rusb Google has issued a warning regarding the actively exploited CVE-2024-43093 vulnerability in the Android operating system, which allows privilege escalation and… https://t.
@securityRSS
5 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Une nouvelle vulnérabilité critique vient d'être découverte sur #Android. Après l'alerte de @Qualcomm sur la faille CVE-2024-43047 au début du mois,@Google révèle aujourd'hui la CVE-2024-43093, qui menace vos données personnelles. Mettez votre smartphone à jour ! #Clubic #AyTèk h
@MontissolSteve1
5 Nov 2024
43 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google has released the November 2024 Android security update, addressing two actively exploited zero-day vulnerabilities, identified as CVE-2024-43093 and CVE-2024-43047. These vulnerabilities could potentially allow attackers to execute arbitrary code on affected devices.… http
@XArthurDent
5 Nov 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security alert for Android users! Two zero-day vulnerabilities, CVE-2024-43047 and CVE-2024-43093, are actively being exploited in targeted attacks, prompting a crucial need for immediate updates. 🔹 CVE-2024-43047: A high-severity vulnerability in Qualcomm chipsets (CVSS 7.8)…
@Leighton411
5 Nov 2024
60 Impressions
3 Retweets
2 Likes
0 Bookmarks
2 Replies
0 Quotes
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System https://t.co/YVaGZE79ii https://t.co/hPBWqQGL7n
@DidierCaradec
5 Nov 2024
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google patches actively exploited Android vulnerability (CVE-2024-43093) https://t.co/lXfzPmFeiw #cybersecurity #hackernews #cybernews https://t.co/czxvALGEnP
@cyberreport_io
5 Nov 2024
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security alert for Android users! Two zero-day vulnerabilities, CVE-2024-43047 and CVE-2024-43093, are actively being exploited in targeted attacks, prompting a crucial need for immediate updates. 🔹 CVE-2024-43047: A high-severity vulnerability in Qualcomm chipsets (CVSS 7.8)…
@Rejah_Rehim
5 Nov 2024
38 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has identified a security flaw, CVE-2024-43093, impacting Android, currently under active, targeted exploitation. This privilege escalation vulnerability in the Android Framework lacks specific attack details, Google confirms signs of limited, real-world abuse.
@cyberwarzo44531
5 Nov 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Google patches actively exploited #Android vulnerability (#CVE-2024-43093) https://t.co/KlajOjZJgy
@ScyScan
5 Nov 2024
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Android flaw CVE-2024-43093 may be under limited, targeted exploitation https://t.co/yM49SW2wRO https://t.co/YvlI64Q6Cn
@buaqbot
5 Nov 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 November 2024 #AndroidSecurity Update 🔒 New patches are out for vulnerabilities (CVE-2024-43093 & CVE-2024-43047) actively exploited in the wild. Make sure to update and keep your devices secure from potential threats! 📲 https://t.co/rFHsOEeuJ4 #CyberSecurity… https://t
@socradar
5 Nov 2024
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google met en garde contre une vulnérabilité CVE-2024-43093 activement exploitée dans le système Android Tout savoir https://t.co/TSPzT6jlky #Google #free #alerte #Android
@ResandSecurity
5 Nov 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert: Android vulnerability CVE-2024-43093 may be under limited, targeted exploitation. Users should ensure their devices are up-to-date and monitor for any unusual activity. Stay vigilant! #CyberSecurity #Android #Vulnerabilit https://t.co/mDkOiKJE2Y
@Sadewoabdipanun
5 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Google #Android Actively Exploited Vulnerability CVE-2024-43093 #cubersecurity #breakingnews #news #trending #latest https://t.co/qVT1X6HrnQ
@cyashadotcom
5 Nov 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Breach su Schneider Electric e vulnerabilità attivamente sfruttata su Android Sicurezza Informatica, Android, breach, CVE-2024-43093, cybersecurity, Google, Schneider Electric https://t.co/kplhF2v2LY https://t.co/0uiC4dUgFj
@matricedigitale
5 Nov 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
},
{
"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"
}
],
"operator": "OR"
}
]
}
]