Security News > 2021 > May > Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild

Google on Wednesday updated its May 2021 Android Security Bulletin to disclose that four of the security vulnerabilities that were patched earlier this month by Arm and Qualcomm may have been exploited in the wild as zero-days.

CVE-2021-1906 - A flaw concerning inadequate handling of address deregistration that could lead to new GPU address allocation failure.

CVE-2021-28663 - A vulnerability in Arm Mali GPU kernel that could permit a non-privileged user to make improper operations on GPU memory, leading to a use-after-free scenario that could be exploited to gain root privilege or disclose information.

CVE-2021-28664 - An unprivileged user can achieve read/write access to read-only memory, enabling privilege escalation or a denial-of-service condition due to memory corruption.

Earlier this March, Google revealed that a vulnerability affecting Android devices that use Qualcomm chipsets was being weaponized by adversaries to launch targeted attacks.

The other flaw is CVE-2019-2215, a vulnerability in Binder - Android's inter-process communication mechanism - that's said to have been allegedly exploited by the NSO Group as well as SideWinder threat actor to compromise a victim's device and collect user information.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/R1aqAMX8ezM/android-issues-patches-for-4-new-zero.html