Home > Cyber News > CVE-2020-11261: Qualcomm Zero-Day Used in Attacks against Android Devices
CYBER NEWS

CVE-2020-11261: Qualcomm Zero-Day Used in Attacks against Android Devices

by   |  Last Update:  |  0 Comments  

CVE-2020-11261 qualcomm androidCVE-2020-11261 is a new dangerous vulnerability in Android devices. The vulnerability affects Qualcomm chipsets and their Graphics component in an issue called “improper input validation.”

CVE-2020-11261: Some Details

If exploited successfully, the flaw could cause memory corruption when a malicious app requests access to the device’s memory. According to Google, the vulnerability has been used in targeted attacks.

It should be mentioned that the CVE-2020-11261 vulnerability can only be exploited locally, as it requires local access to the device. This means that an attack is only possible if the threat actor has physical access. Another attack initiation scenario is using the so-called watering hole approach. This strategy requires knowing the websites the victim visits in order to infect them with malware.

Google hasn’t provided any details on the targeted attacks, most probably to prevent other threat actors from exploiting the flaw.




Previous Qualcomm Vulnerabilities Affecting Android

In 2020, a severe Qualcomm vulnerability affecting Android was also disclosed. Called Achilles, the vulnerability was defined as a collection of over 400 bugs in the embedded Qualcomm chipsets. The core of the issues was a disruption in the DSP processor functions, which caused improper handling of the most important features of the Android device: process execution, charging, and multimedia execution.

Threat actors could the Achilles bug in different distribution campaigns – from directly creating malicious files, to using payload carriers and SPAM email messages.

In 2019, a chain of two security bugs (CVE-2015-6639 and CVE-2016-2431) were discovered in the Qualcomm Secure World virtual processor, which could be exploited to leak financial information.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  2. Google’s Latest Android Security Update Fixes 47 Vulnerabilities Google has delivered their last and probably final Android update...
  3. Four Android Zero-Day Bugs Exploited in the Wild (CVE-2021-1905) Earlier this month, four security vulnerabilities in Qualcomm Graphics and...
  4. Qualcomm Security Flaw Leaked Sensitive Data, Android Phones At Risk A new security research reveals yet another security flaw that...
  5. Achilles Android Vulnerability Affects Qualcomm Powered Devices A new dangerous Android vulnerability has been identified by security...
  6. Is Your Android Prone to QuadRooter Flaws? 900 Million Devices Are! We all know Android is vulnerable, but how vulnerable is...
  7. Blackrock Trojan Is a Android Malware Believed to Be Descendant from Lokibot The BlackRock Trojan is one of the newest Android Trojans...
  8. Vulnerable Audio Decoder Exposes Conversations of Millions of Android Users (CVE-2021-30351) A new Check Point security research, dubbed ALHACK, reveals vulnerabilities...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree