Google’s Project Zero team revealed that four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched in early May.

According to a recently updated version of the May 2021 Android Security Bulletin,

There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663, and CVE-2021-28664 may be under limited, targeted exploitation.

Source

The four vulnerabilities impact Qualcomm Graphics and Arm Mali GPU Driver modules:

  • CVE-2021-1905 (CVSS score: 8.4) – Possible use-after-free flaw in Qualcomm’s graphics component due to improper handling of memory mapping of multiple processes simultaneously.
  • CVE-2021-1906 (CVSS score: 6.2) – Improper handling of address deregistration on failure can lead to new GPU address allocation failure.
  • CVE-2021-28663 (CVSS score: NA) – The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free.
  • CVE-2021-28664 (CVSS score: NA) – The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages.

If a threat actor successfully exploits these weaknesses, he could easily get access to the targeted device and take control over it. However, it is not clear how the attacks themselves were carried out, who may have been targeted, or the threat actors that may be abusing them.

This is one of the rare instances where zero-day bugs in Android have been spotted in real-world cyber offensives.

Back in March, a zero-day vulnerability tracked as CVE-2020-11261 had affected Android devices using Qualcomm chipsets, and from the data that Google provided, the threat actors were actively exploiting the vulnerability in the wild. The issue was then rated as high severity because it required local access to be exploited, meaning that attackers needed physical access to the vulnerable device.

Earlier this month, a security flaw affecting Qualcomm’s mobile station modems (MSM) was disclosed by Check Point’s research team, who claims that the vulnerability could be exploited to inject malicious code into the phone by using the Android OS as an entry point. The impacted chip(s) are reportedly responsible for connecting nearly 40% of all smartphones in the world, including high-end phones from Samsung and other OEMs.

cover photo for heimdal security news
2021.05.07 QUICK READ

Qualcomm’s Mobile Station Modems Vulnerability Puts Android Users’ Privacy at Risk

featured photo for heimdal news
2021.03.24 QUICK READ

An Android Vulnerability Exploited in the Wild, fixed by Google

android permissions - concept image
2020.10.16 INTERMEDIATE READ

Android Permissions Can Be Dangerous: Full Guide to Managing Them

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP