Tactic: Execution (TA0002)
Technique: Exploitation for Client Execution (T1203):
- A vulnerability in System could allow for remote code execution. (CVE-2024-0031)
Details of lower-severity vulnerabilities are as follows:
- Multiple vulnerabilities in Framework that could allow for escalation of privilege. (CVE-2024-0029, CVE-2024-0032, CVE-2024-0034, CVE-2024-0036, CVE-2024-0038, CVE-2024-0041)
- Multiple vulnerabilities in Framework that could allow for information disclosure. (CVE-2023-40122, CVE-2024-0037)
- Multiple vulnerabilities in System that could allow for escalation of privilege. (CVE-2024-0014, CVE-2024-0033, CVE-2024-0035)
- Multiple vulnerabilities in System that could allow for information disclosure. (CVE-2023-40093, CVE-2024-0030)
- Multiple vulnerabilities in Arm components. (CVE-2023-5091, CVE-2023-5249, CVE-2023-5643)
- Multiple vulnerabilities in MediaTek components. (CVE-2024-20011, CVE-2024-20006, CVE-2024-20007, CVE-2024-20009, CVE-2024-20010, CVE-2023-32841, CVE-2023-32842, CVE-2023-32843, CVE-2024-20003)
- Multiple vulnerabilities in Unisoc components. (CVE-2023-49667, CVE-2023-49668)
- Multiple vulnerabilities in Qualcomm components. (CVE-2023-43513, CVE-2023-43516, CVE-2023-43520, CVE-2023-43534)
- Multiple vulnerabilities in Qualcomm closed-source components. (CVE-2023-33046, CVE-2023-33049, CVE-2023-33057, CVE-2023-33058, CVE-2023-33060, CVE-2023-33072, CVE-2023-33076, CVE-2023-43518, CVE-2023-43519, CVE-2023-43522, CVE-2023-43523, CVE-2023-43533, CVE-2023-43536)
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply appropriate patches provided by Google to vulnerable systems, immediately after appropriate testing. (M1051: Update Software)
o Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
o Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
o Safeguard 7.5: Perform Automated Vulnerability Scans of Internal Enterprise Assets: Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources. Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from untrusted sources. (M1017: User Training)
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
o Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Apple® System Integrity Protection (SIP) and Gatekeeper™.
o Safeguard 13.10: Perform Application Layer Filtering: Perform application layer filtering. Example implementations include a filtering proxy, application layer firewall, or gateway.