Android Patches 4 New Zero-Day Vulnerabilities Exploited in the Wild
The May 2021 Android Security Bulletin Revealed That the Security Flaws Were Patched Earlier This Month by Arm and Qualcomm.
Google’s Project Zero team revealed that four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched in early May.
According to a recently updated version of the May 2021 Android Security Bulletin,
There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663, and CVE-2021-28664 may be under limited, targeted exploitation.
The four vulnerabilities impact Qualcomm Graphics and Arm Mali GPU Driver modules:
- CVE-2021-1905 (CVSS score: 8.4) – Possible use-after-free flaw in Qualcomm’s graphics component due to improper handling of memory mapping of multiple processes simultaneously.
- CVE-2021-1906 (CVSS score: 6.2) – Improper handling of address deregistration on failure can lead to new GPU address allocation failure.
- CVE-2021-28663 (CVSS score: NA) – The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free.
- CVE-2021-28664 (CVSS score: NA) – The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages.
Android has updated the May security with notes that 4 vulns were exploited in-the-wild.
Qualcomm GPU: CVE-2021-1905, CVE-2021-1906
ARM Mali GPU: CVE-2021-28663, CVE-2021-28664https://t.co/mT8vE2Us74
— Maddie Stone (@maddiestone) May 19, 2021
If a threat actor successfully exploits these weaknesses, he could easily get access to the targeted device and take control over it. However, it is not clear how the attacks themselves were carried out, who may have been targeted, or the threat actors that may be abusing them.
This is one of the rare instances where zero-day bugs in Android have been spotted in real-world cyber offensives.
Back in March, a zero-day vulnerability tracked as CVE-2020-11261 had affected Android devices using Qualcomm chipsets, and from the data that Google provided, the threat actors were actively exploiting the vulnerability in the wild. The issue was then rated as high severity because it required local access to be exploited, meaning that attackers needed physical access to the vulnerable device.
Earlier this month, a security flaw affecting Qualcomm’s mobile station modems (MSM) was disclosed by Check Point’s research team, who claims that the vulnerability could be exploited to inject malicious code into the phone by using the Android OS as an entry point. The impacted chip(s) are reportedly responsible for connecting nearly 40% of all smartphones in the world, including high-end phones from Samsung and other OEMs.