Security News > 2021 > March > Recently Patched Android Vulnerability Exploited in Attacks
Google has warned Android users that a recently patched vulnerability has been exploited in attacks.
The vulnerability in question, tracked as CVE-2020-11261, was patched by Google with the Android security updates released in January 2021.
The vulnerability is a high-severity improper input validation issue affecting a display/graphics component from Qualcomm.
Google Project Zero researcher Ben Hawkes posted a tweet on Monday to point out that the Android security bulletin for January 2021 has been updated to inform users that the vulnerability has apparently been exploited.
Google has credited GitHub security researcher Man Yue Mo for reporting the vulnerability.
The APT group had leveraged watering hole attacks to deliver malware to Windows, Android and iOS devices.
News URL
Related news
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Versa fixes Director zero-day vulnerability exploited in attacks (source)
- Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-09 | CVE-2020-11261 | Improper Input Validation vulnerability in Qualcomm products Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |