08/11/2021
UPDATE ALL YOUR ANDROID DEVICES NOT ASAP, NOW ‼
Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks.
Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation. Use-after-free issues are dangerous because they can allow a threat actor to access or reference memory after it has been freed, leading to a "write-what-where" condition that results in the execution of arbitrary code to gain control over a victim's system.
"There are indications that CVE-2021-1048 may be under limited, targeted exploitation," the company noted in its November advisory without revealing technical details of the vulnerability, the nature of the intrusions, and the identities of the attackers that may have abused the flaw.
Also remediated in the security patch are critical remote code execution (RCE) vulnerabilities — CVE-2021-0918 and CVE-2021-0930 — in the System component that could allow remote adversaries to execute malicious code within the context of a privileged process by sending a specially crafted transmission to targeted devices.
Two more critical flaws, CVE-2021-1924 and CVE-2021-1975, affect Qualcomm closed-source components, while a fifth critical vulnerability in Android TV (CVE-2021-0889) could allow an attacker in close proximity to silently pair with a TV and execute arbitrary code with no privileges or user interaction required.
With the latest round of updates, Google has addressed a total of six zero-days in Android since the start of the year:
✅ CVE-2020-11261 (CVSS score: 8.4) - Improper input validation in Qualcomm Graphics component
✅ CVE-2021-1905 (CVSS score: 8.4) - Use-after-free in Qualcomm Graphics component
✅ CVE-2021-1906 (CVSS score: 6.2) - Detection of error condition without action in Qualcomm Graphics component
✅ CVE-2021-28663 (CVSS score: 8.8) - Mali GPU Kernel Driver allows improper operations on GPU memory
✅ CVE-2021-28664 (CVSS score: 8.8) - Mali GPU Kernel Driver elevates CPU RO pages to writable