Home > Cyber News > CVE-2020-11261: Qualcomm Zero-Day Used in Attacks against Android Devices

CVE-2020-11261: Qualcomm Zero-Day Used in Attacks against Android Devices

CVE-2020-11261 qualcomm  androidCVE-2020-11261 is a new dangerous vulnerability in Android devices. The vulnerability affects Qualcomm chipsets and their Graphics component in an issue called “improper input validation.”

CVE-2020-11261: Some Details

If exploited successfully, the flaw could cause memory corruption when a malicious app requests access to the device’s memory. According to Google, the vulnerability has been used in targeted attacks.

It should be mentioned that the CVE-2020-11261 vulnerability can only be exploited locally, as it requires local access to the device. This means that an attack is only possible if the threat actor has physical access. Another attack initiation scenario is using the so-called watering hole approach. This strategy requires knowing the websites the victim visits in order to infect them with malware.

Google hasn’t provided any details on the targeted attacks, most probably to prevent other threat actors from exploiting the flaw.

Previous Qualcomm Vulnerabilities Affecting Android

In 2020, a severe Qualcomm vulnerability affecting Android was also disclosed. Called Achilles, the vulnerability was defined as a collection of over 400 bugs in the embedded Qualcomm chipsets. The core of the issues was a disruption in the DSP processor functions, which caused improper handling of the most important features of the Android device: process execution, charging, and multimedia execution.

Threat actors could the Achilles bug in different distribution campaigns – from directly creating malicious files, to using payload carriers and SPAM email messages.

In 2019, a chain of two security bugs (CVE-2015-6639 and CVE-2016-2431) were discovered in the Qualcomm Secure World virtual processor, which could be exploited to leak financial information.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree