An Android Vulnerability Exploited in the Wild, fixed by Google
A zero-day vulnerability affecting Android devices that use Qualcomm chipsets was addressed. Data shows the vulnerability was actively exploited in the wild.
Tracked as CVE-2020-11261, the zero-day vulnerability had affected Android devices using Qualcomm chipsets, and from the data that Google provided, the threat actors are actively exploiting the vulnerability in the wild.
The CVE-2020-11261 flaw represents an improper input validation in Graphics, which was rated with a CVSS score of 8.4, which is pretty high.
Memory corruption due to improper check to return an error when user application requests memory allocation of a huge size.
The vulnerability could’ve been exploited through an attacker-engineered app that requests access to a huge portion of the device’s memory.
There are indications that CVE-2020-11261 may be under limited, targeted exploitation.
The vulnerability in question, tracked as CVE-2020-11261, was patched by Google with the Android security updates released in January 2021.
The vulnerability is a high-severity improper input validation issue affecting a display/graphics component from Qualcomm. The flaw was reported to Qualcomm through Google in July 2020 and it affects a long list of chips.
The CVE-2020-11261 flaw was reported to Qualcomm by Google’s Android Security team on August 20, 2020, and was addressed in January 2021.
The issue was then rated as high severity because it requires local access to be exploited, this means that attackers need physical access to the vulnerable device.
Google has given credit to security researcher Man Yue Mo for reporting the vulnerability. The researcher earned significant bug bounties from Google over the past few years for finding and reporting potentially serious Chrome bugs.
Google disclosed last week that a sophisticated threat actor had used at least 11 zero-day vulnerabilities as part of a huge spying campaign. The APT hacker group leveraged watering hole attacks in order to deliver malware to Windows, Android, and iOS devices, but for the time being it’s unclear if the CVE-2020-11261 has been exploited by this group.