Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks

Cyber Security

Products You May Like

Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks.

Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation. Use-after-free issues are dangerous as it could enable a threat actor to access or referencing memory after it has been freed, leading to a “write-what-where” condition that results in the execution of arbitrary code to gain control over a victim’s system.

Automatic GitHub Backups

“There are indications that CVE-2021-1048 may be under limited, targeted exploitation,” the company noted in its November advisory without revealing technical details of the vulnerability, the nature of the intrusions, and the identities of the attackers that may have abused the flaw.

Also remediated in the security patch are two critical remote code execution (RCE) vulnerabilities — CVE-2021-0918 and CVE-2021-0930 — in the System component that could allow remote adversaries to execute malicious code within the context of a privileged process by sending a specially-crafted transmission to targeted devices.

Two more critical flaws, CVE-2021-1924 and CVE-2021-1975, affect Qualcomm closed-source components, while a fifth critical vulnerability in Android TV (CVE-2021-0889) could permit an attacker in close proximity to silently pair with a TV and execute arbitrary code with no privileges or user interaction required.

Prevent Data Breaches

With the latest round of updates, Google has addressed a total of six zero-days in Android since the start of the year —

  • CVE-2020-11261 (CVSS score: 8.4) – Improper input validation in Qualcomm Graphics component
  • CVE-2021-1905 (CVSS score: 8.4) – Use-after-free in Qualcomm Graphics component
  • CVE-2021-1906 (CVSS score: 6.2) – Detection of error condition without action in Qualcomm Graphics component
  • CVE-2021-28663 (CVSS score: 8.8) – Mali GPU Kernel Driver allows improper operations on GPU memory
  • CVE-2021-28664 (CVSS score: 8.8) – Mali GPU Kernel Driver elevates CPU RO pages to writable

Products You May Like

Articles You May Like

WhatsApp for Android Reportedly Testing Translation Feature for Messages Using Google’s Technology
OnePlus 12R to Get a Sunset Dune Colour Variant in India Soon
Amazon Prime Day 2024 Sale Deals Revealed: Discounts on Sony WH-1000XM4, Boat Smart Ring, Amazon Echo Pop and More
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign
Samsung Galaxy Ring With PPG Sensor, Up to Seven Days Battery Life Launched in Nine Size Options

Leave a Reply

Your email address will not be published. Required fields are marked *