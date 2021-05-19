



Google warned on Wednesday that an unknown hacker could exploit four Android vulnerabilities to execute malicious code that could take full control of the device.

All four vulnerabilities were published in Google Android Security Bulletin in May two weeks ago. Google has released a security update to device manufacturers. The device manufacturer is responsible for distributing the patch to users.

Google’s May 3 bulletin initially did not report that any of the approximately 50 vulnerabilities it covered were being actively exploited. On Wednesday, Google updated its advisory stating that there are signs that four vulnerabilities may be under targeted exploitation. Maddie Stone, a member of Google’s Project Zero Exploit Research Group, has removed the ambiguity. She declared on Twitter that four vulnerabilities were actually exploited as zero-day attacks.

Android updated its security in May and added a note that four vulnerabilities were actually exploited.

Qualcomm GPU: CVE-2021-1905, CVE-2021-1906ARM Mali GPU: CVE-2021-28663, CVE-2021-28664 https: //t.co/mT8vE2Us74

Maddiestone (@maddiestone) May 19, 2021 Full control

Asaf Peleg, vice president of strategic projects for security firm Zimperium, said in an email that a successful exploit of the vulnerability would give the victim full control over their mobile endpoints. From elevating privileges beyond the privileges available by default to executing code outside the current process in the existing sandbox, the device is completely at risk and there is no secure data.

So far, four Android zero-day vulnerabilities have been disclosed this year, compared to one for 2020 as a whole, according to Zimperium figures.

Two of the vulnerabilities are in the Qualcomms Snapdragon CPU, which powers most Android devices in the United States and a huge number of mobile phones abroad. CVE-2021-1905 is a memory corruption flaw that allows an attacker to execute malicious code with unlimited root privileges because the initial vulnerability has been tracked. This vulnerability is severely classified and has a rating of 7.8 out of 10.

Another vulnerability, CVE-2021-1906, is a logical flaw that can cause new GPU memory address allocation to fail. The severity is 5.5. Hackers often circumvent security protection by chaining two or more exploits together. This may be the case for two Snapdragon flaws.

Two other vulnerabilities under attack are in drivers running on ARM graphics processors. Both CVE-2021-28663 and CVE-2021-28664 are memory corruption flaws that allow an attacker to gain root access on a vulnerable device.

No practical advice from Google

There are no other details about field attacks. Google representatives didn’t reply to emails asking how to check if a user was targeted.

Due to the skills needed to exploit the vulnerability, some researchers speculate that the attack is likely to be the job of a state-sponsored hacker.

The complexity of this mobile attack vector is not unheard of, but it is outside the capabilities of an attacker with rudimentary or intermediate knowledge of hacking mobile endpoints, Peleg said. An attacker using this vulnerability could be using it as part of a large campaign against individuals, businesses, or governments aimed at stealing sensitive personal information.

Someone hasn’t figured out exactly how to exploit the vulnerability. An attacker could send a malicious text message, trick a target into installing a malicious app, or visit a malicious website.

Without more practical information from Google, it is impossible to provide useful advice to Android users, except that you need to make sure that all updates are installed. Users of Google’s Android devices will automatically receive the patch on the May Security Rollout. Users of other devices should check with the manufacturer.

