Google has rolled out its regular security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks.
Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation. Use-after-free issues are dangerous because they could enable a threat actor to access or reference memory after it has been freed, leading to a “write-what-where” condition that results in the execution of arbitrary code to gain control over a victim’s system.
“There are indications that CVE-2021-1048 might be under limited, targeted exploitation,” the company noted in its November advisory without revealing technical details of the vulnerability, the nature of the intrusions, and the identities of the attackers that may have abused the flaw.
Also remediated in the security patch are two critical remote code execution (RCE) vulnerabilities, CVE-2021-0918 and CVE-2021-0930, in the System component that could allow remote adversaries to execute malicious code within the context of a privileged process by sending a specially crafted transmission to targeted devices.
Two more critical flaws, CVE-2021-1924 and CVE-2021-1975, affect Qualcomm closed-source components, while a fifth critical vulnerability in Android TV (CVE-2021-0889) could permit an attacker in close proximity to silently pair with a TV and execute arbitrary code with no privileges or user interaction required.
With the latest round of updates, Google has addressed a total of 6 zero-days in Android since the start of the year:
- CVE-2020-11261 (CVSS score: 8.4) – Improper input validation in Qualcomm Graphics component
- CVE-2021-1905 (CVSS score: 8.4) – Use-after-free in Qualcomm Graphics component
- CVE-2021-1906 (CVSS score: 6.2) – Detection of error condition without action in Qualcomm Graphics component
- CVE-2021-28663 (CVSS score: 8.8) – Mali GPU Kernel Driver allows improper operations on GPU memory
- CVE-2021-28664 (CVSS score: 8.8) – Mali GPU Kernel Driver elevates CPU RO pages to writable