8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
Google on Wednesday updated its May 2021 Android Security Bulletin to disclose that four of the security vulnerabilities that were patched earlier this month by Arm and Qualcomm may have been exploited in the wild as zero-days.
“There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation,” the search giant said in an updated alert.
The four flaws impact Qualcomm Graphics and Arm Mali GPU Driver modules —
Successful exploitation of the weaknesses could grant an adversary carte blanche access to the targeted device and take over control. It’s, however, not clear how the attacks themselves were carried out, the victims that may have been targeted, or the threat actors that may be abusing them.
The development marks one of the rare instances where zero-day bugs in Android have been spotted in real-world cyber offensives.
Earlier this March, Google revealed that a vulnerability affecting Android devices that use Qualcomm chipsets (CVE-2020-11261) was being weaponized by adversaries to launch targeted attacks. The other flaw is CVE-2019-2215, a vulnerability in Binder — Android’s inter-process communication mechanism — that’s said to have been allegedly exploited by the NSO Group as well as SideWinder threat actor to compromise a victim’s device and collect user information.
Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C