Android Patches Actively Exploited Zero-Day Kernel Bug

November 2, 2021

Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components.

Among Google’s November Android security updates is a patch for a zero-day weakness that “may be under limited, targeted exploitation,” the company reported.

Out of this month’s batch of 39 patches, 18 of them plug flaws in the framework and system components and another 18 tackle vulnerabilities in the kernel and vendor components.

Use-After-Free Flaw in the Kernel

Google described the one that attackers may be picking apart – CVE-2021-1048 – as caused by a use-after-free (UAF) vulnerability in the kernel. UAF bugs allow for code substitution by exploiting a dangling pointer in dynamic memory. In this case, it can be exploited for local escalation of privilege and, when paired with a remote code execution (RCE) bug, an exploit could allow attackers to gain administrative control over a targeted system.

The internet titan kept its lips zipped about the particulars of the attacks exploiting CVE-2021-1048, but the fact that they are targeted raises the likelihood of nation-state advanced persistent threat (APT) groups carrying them out for espionage.

There is precedent for that: Earlier this year, Android devices were targeted in an espionage campaign that adapted the LodaRAT – known for targeting Windows devices – to also go after Android devices in a campaign that targeted Bangladesh.

Most Severe Issues

The most severe of the updates address two critical remote code execution (RCE) vulnerabilities – tracked as CVE-2021-0918 and CVE-2021-0930 – in the System component. The flaws could allow a remote attacker to execute arbitrary code within the context of a privileged process by sending a specially crafted transmission to targeted devices.

“The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed,” according to the security update.

There are two more critical security flaws addressed in this month’s patches: CVE-2021-1924 and CVE-2021-1975, both of which affect Qualcomm components.

Yet another critical flaw can be found in Android TV remote service – which allows Android phones or tablets to be used as a remote for an Android TV. This one’s another RCE, tracked as CVE-2021-0889. A nearby attacker who manages to exploit CVE-2021-0889 could creep up, silently pair with a TV, and execute arbitrary code with no privileges or user interaction required.

High-Severity Issues

Another 29 bugs are rated as high-severity, with patches addressing vulnerabilities in the Framework, Media Framework, System, kernel, Android TV, MediaTek and Qualcomm components.

Google issued a separate security advisory for Pixel devices.


Some sections of this post are sourced from:
threatpost.com
