Earlier this month, four security vulnerabilities in Qualcomm Graphics and Arm Mali GPU Driver that affected Android were patched. Since it is highly likely that the vulnerabilities were exploited in the wild, Google had to update its security bulletin.
Four Android Zero-Days Exploited in the Wild
“There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation,” Google shared in an announcement.
What are the consequences of attacks based on any of the four flaws? A successful attempt would give attackers access to targeted vulnerable devices, allowing them to take control. There is no information revealing how the attacks happened, and if the victims were targeted. It is also known what threat group was behind the attacks.
It is noteworthy that this is a rare example of Android zero-days used in attacks in the wild, researchers noted.
Another Qualcomm vulnerability used in targeted attacks
In March, Google revealed the CVE-2020-11261 vulnerability in Android devices, affecting Qualcomm chipsets and their Graphics component in an issue called “improper input validation.” The flaw could cause memory corruption when a malicious app requests access to the device’s memory. Google shared the vulnerability was used in targeted attacks.
It should be mentioned that the CVE-2020-11261 vulnerability could only be exploited locally, as it requires local access to the device. This means that an attack is only possible if the threat actor has physical access. Another attack initiation scenario is using the so-called watering hole approach. This strategy requires knowing the websites the victim visits in order to infect them with malware.