Security News > 2021 > March > Recently Patched Android Vulnerability Exploited in Attacks
Google has warned Android users that a recently patched vulnerability has been exploited in attacks.
The vulnerability in question, tracked as CVE-2020-11261, was patched by Google with the Android security updates released in January 2021.
The vulnerability is a high-severity improper input validation issue affecting a display/graphics component from Qualcomm.
Google Project Zero researcher Ben Hawkes posted a tweet on Monday to point out that the Android security bulletin for January 2021 has been updated to inform users that the vulnerability has apparently been exploited.
Google has credited GitHub security researcher Man Yue Mo for reporting the vulnerability.
The APT group had leveraged watering hole attacks to deliver malware to Windows, Android and iOS devices.
News URL
Related news
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- FortiManager critical vulnerability under active attack (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-09 | CVE-2020-11261 | Improper Input Validation vulnerability in Qualcomm products Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |