CVE-2024-49745
📋 TL;DR
This CVE describes an out-of-bounds write vulnerability in Android's Parcel component that allows local privilege escalation without user interaction. Attackers can exploit this to gain elevated system privileges on affected Android devices. All Android devices running vulnerable versions are potentially affected.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
Android by Google
Android by Google
Android by Google
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise with root/system-level access, allowing installation of persistent malware, data theft, and bypassing all security controls.
Likely Case
Local privilege escalation enabling attackers to execute arbitrary code with elevated permissions, potentially leading to data exfiltration or further system compromise.
If Mitigated
Limited impact if devices are fully patched and have additional security controls like SELinux enforcement and app sandboxing properly configured.
🎯 Exploit Status
Exploitation requires local access but no user interaction. The vulnerability is in a core system component making reliable exploitation challenging but possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: January 2025 Android Security Patch or later
Vendor Advisory: https://source.android.com/security/bulletin/2025-01-01
Restart Required: Yes
Instructions:
1. Check for system updates in Settings > System > System update. 2. Install the January 2025 Android security patch. 3. Reboot device after installation.
🔧 Temporary Workarounds
Restrict local app installations
AndroidPrevent installation of untrusted applications that could exploit this vulnerability
adb shell settings put secure install_non_market_apps 0
🧯 If You Can't Patch
- Implement strict application allowlisting to prevent untrusted apps from running
- Enable enhanced security features like Google Play Protect and verify all installed apps are from trusted sources
🔍 How to Verify
Check if Vulnerable:
Check Android security patch level in Settings > About phone > Android version. If patch level is earlier than January 2025, device is vulnerable.Check Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify security patch level shows January 2025 or later in Settings > About phone > Android version.📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation attempts in system logs
- SELinux denials related to Parcel operations
- Crash reports from system_server
Network Indicators:
- Unusual outbound connections from system processes
- Suspicious network activity following local exploitation
SIEM Query:
source="android_system" AND (event="SELINUX_denial" AND component="Parcel" OR process="system_server" AND error="segmentation_fault")