Security News > 2021 > May > May Android security updates patch 4 zero-days exploited in the wild
According to info provided by Google's Project Zero team, four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched earlier this month.
Attacks attempting to exploit these flaws were targeted and impacted a limited number of users based on information shared after this month's Android security updates were published.
"There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation," a recently updated version of the May 2021 Android Security Bulletin reveals.
Qualcomm and Arm have published further details on each vulnerability via security advisories issued separately [1, 2]. Android users are recommended to install this month's security updates as soon as possible if they are impacted by these issues.
This month's Android security updates also include patches for critical vulnerabilities in the System component that could be exploited by remote attackers using specially crafted files to execute arbitrary malicious code within the context of a privileged process.
To put things into perspective, more than 9% of all Android devices are still running Android 8.1 Oreo, and roughly 19% Android Pie 9.0, according to StatCounter data.
News URL
Related news
- New LianSpy malware hides by blocking Android security feature (source)
- Google fixes Android kernel zero-day exploited in targeted attacks (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- AMD won’t patch Sinkclose security bug on older Zen CPUs (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability (source)
- Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-10 | CVE-2021-28664 | Out-of-bounds Write vulnerability in ARM products The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. | 8.8 |
| 2021-05-10 | CVE-2021-28663 | Use After Free vulnerability in ARM products The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. | 8.8 |
| 2021-05-07 | CVE-2021-1906 | Improper Handling of Exceptional Conditions vulnerability in Qualcomm products Improper handling of address deregistration on failure can lead to new GPU address allocation failure. | 2.1 |
| 2021-05-07 | CVE-2021-1905 | Use After Free vulnerability in Qualcomm products Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. | 7.2 |