May Android security updates patch 4 zero-days exploited in the wild

According to information provided by Google's Project Zero team, four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched earlier this month.
Based on information shared after this month's Android security updates were published, attacks attempting to exploit these flaws were targeted and impacted a limited number of users.
"There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation," a recently updated version of the May 2021 Android Security Bulletin reveals.
Qualcomm and Arm have published further details on each vulnerability via security advisories issued separately [1, 2]. Android users are advised to install this month's security updates as soon as possible if they are impacted by these issues.
This month's Android security updates also include patches for critical vulnerabilities in the System component that could be exploited by remote attackers using specially crafted files to execute arbitrary malicious code within the context of a privileged process.
To put things into perspective, more than 9% of all Android devices are still running Android 8.1 Oreo, and roughly 19% Android Pie 9.0, according to StatCounter data.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-05-10 | CVE-2021-28664 | Out-of-bounds Write vulnerability in ARM products | The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. | 8.8 |
2021-05-10 | CVE-2021-28663 | Use After Free vulnerability in ARM products | The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. | 8.8 |
2021-05-07 | CVE-2021-1906 | Unspecified vulnerability in Qualcomm products | Improper handling of address deregistration on failure can lead to new GPU address allocation failure. | 5.5 |
2021-05-07 | CVE-2021-1905 | Use After Free vulnerability in Qualcomm products | Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. | 7.8 |