Home > Cyber News > Four Android Zero-Day Bugs Exploited in the Wild (CVE-2021-1905)
CYBER NEWS

Four Android Zero-Day Bugs Exploited in the Wild (CVE-2021-1905)

by   |  Last Update:  |  0 Comments  

Four Android Zero-Day Bugs Exploited in the Wild-sensorstechforum

Earlier this month, four security vulnerabilities in Qualcomm Graphics and Arm Mali GPU Driver that affected Android were patched. Since it is highly likely that the vulnerabilities were exploited in the wild, Google had to update its security bulletin.

Four Android Zero-Days Exploited in the Wild

“There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation,” Google shared in an announcement.

What are the consequences of attacks based on any of the four flaws? A successful attempt would give attackers access to targeted vulnerable devices, allowing them to take control. There is no information revealing how the attacks happened, and if the victims were targeted. It is also known what threat group was behind the attacks.

It is noteworthy that this is a rare example of Android zero-days used in attacks in the wild, researchers noted.




Another Qualcomm vulnerability used in targeted attacks

In March, Google revealed the CVE-2020-11261 vulnerability in Android devices, affecting Qualcomm chipsets and their Graphics component in an issue called “improper input validation.” The flaw could cause memory corruption when a malicious app requests access to the device’s memory. Google shared the vulnerability was used in targeted attacks.

It should be mentioned that the CVE-2020-11261 vulnerability could only be exploited locally, as it requires local access to the device. This means that an attack is only possible if the threat actor has physical access. Another attack initiation scenario is using the so-called watering hole approach. This strategy requires knowing the websites the victim visits in order to infect them with malware.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. CVE-2020-11261: Qualcomm Zero-Day Used in Attacks against Android Devices CVE-2020-11261 is a new dangerous vulnerability in Android devices. The...
  2. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  3. CVE-2021-1048 Android Zero-Day Exploited in the Wild CVE-2021-1048 is a new zero-day vulnerability in Android that was...
  4. CVE-2021-33742: Microsoft Just Fixed 6 Security Bugs Exploited in the Wild Microsoft just fixed 50 vulnerabilities in June 2021 Patch Tuesday,...
  5. Google’s Latest Android Security Update Fixes 47 Vulnerabilities Google has delivered their last and probably final Android update...
  6. CVE-2021-1647 Windows Defender Zero-Day Exploited in the Wild For Microsoft and Windows users, 2021 starts off with a...
  7. CVE-2021-30632 and CVE-2021-30633: Chrome Zero-Days Exploited in the Wild Is your Chrome browser up-to-date? Google just released fixes for...
  8. iOS CVE-2021-30807 Zero-Day Exploited in the Wild, Patch Now A zero-day vulnerability in iOS, iPadOS, and macOS was just...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree