Security News > 2021 > May > Four Android Bugs Being Exploited in the Wild

Four Android Bugs Being Exploited in the Wild
2021-05-20 16:50

Google updated its May 3 Android security bulletin on Wednesday to say that there are "Indications" that four of the 50 vulnerabilities "May be under limited, targeted exploitation." That was mostly confirmed by Maddie Stone, a member of Google's Project Zero exploit research group, who clarified on Twitter that the "4 vulns were exploited in-the-wild" as zero-days.

These four bugs make up a full two-thirds of the six total bugs to be exploited in the wild since 2014, according to Google's tracking spreadsheet.

Is finding four zero-days really all that great? These four bugs could give attackers complete control of Android devices.

As Check Point Research reported in early May, a vulnerability in a 5G modem data service could allow a malicious app to exploit the issue, opening up Android phones to attackers being able to eavesdrop, inject, malicious code into a phone's modem, access call histories and text messages: a problem that could affect up to 30 percent of Android phones.

As The Record reported, two of the zero-days have previously been exploited in the wild: CVE-2020-11261, a bug in the Qualcomm graphics component that was patched in the January 2021 Android security bulletin, and CVE-2019-2215, an Android exploit that Project Zero believes was developed by exploit broker NSO Group and was allegedly being used, abused and sold to its customers throughout 2019.

Only Android phones that use Arm or Qualcomm GPUs are affected by these bugs.


News URL

https://threatpost.com/android-bugs-exploited-wild/166347/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2020-11261 Improper Input Validation vulnerability in Qualcomm products
Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-20
7.8
2019-10-11 CVE-2019-2215 Use After Free vulnerability in multiple products
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel.
local
low complexity
google debian canonical netapp huawei CWE-416
7.8