Home > Cyber News > Four Android Zero-Day Bugs Exploited in the Wild (CVE-2021-1905)
CYBER NEWS

Four Android Zero-Day Bugs Exploited in the Wild (CVE-2021-1905)

Four Android Zero-Day Bugs Exploited in the Wild-sensorstechforum

Earlier this month, four security vulnerabilities in Qualcomm Graphics and Arm Mali GPU Driver that affected Android were patched. Since it is highly likely that the vulnerabilities were exploited in the wild, Google had to update its security bulletin.

Four Android Zero-Days Exploited in the Wild

“There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation,” Google shared in an announcement.

What are the consequences of attacks based on any of the four flaws? A successful attempt would give attackers access to targeted vulnerable devices, allowing them to take control. There is no information revealing how the attacks happened, and if the victims were targeted. It is also known what threat group was behind the attacks.

It is noteworthy that this is a rare example of Android zero-days used in attacks in the wild, researchers noted.




Another Qualcomm vulnerability used in targeted attacks

In March, Google revealed the CVE-2020-11261 vulnerability in Android devices, affecting Qualcomm chipsets and their Graphics component in an issue called “improper input validation.” The flaw could cause memory corruption when a malicious app requests access to the device’s memory. Google shared the vulnerability was used in targeted attacks.

It should be mentioned that the CVE-2020-11261 vulnerability could only be exploited locally, as it requires local access to the device. This means that an attack is only possible if the threat actor has physical access. Another attack initiation scenario is using the so-called watering hole approach. This strategy requires knowing the websites the victim visits in order to infect them with malware.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree