Google has updated its May 2021 Android security bulletin to alert users that four vulnerabilities appear to have been exploited in attacks.
Rolling out to users since early May, the latest Android security update patches over 40 flaws, including four with a severity rating of critical.
This week, Google Project Zero researcher Maddie Stone pointed out on Twitter that the security bulletin has been updated with a note on some bugs being exploited in the wild.
A total of four security issues, rated high and medium severity, “may be under limited, targeted exploitation,” Google notes in the updated bulletin.
Two of the flaws impact Qualcomm components and are tracked as CVE-2021-1905 (high severity) and CVE-2021-1906 (medium risk). Both were identified in the graphics component and patches were rolled out by the vendor in May 2021.
A use-after-free issue, CVE-2021-1905 was reported to Qualcomm in November 2020, and exists because of “improper handling of memory mapping of multiple processes simultaneously.”
CVE-2021-1906 was described as an “improper handling of address deregistration on failure,” which could lead to new GPU address allocation failure. The bug was reported to the vendor in December 2020.
Both of the remaining exploited flaws affect ARM components (the Mali GPU kernel driver) and were disclosed by ARM in March 2021. Tracked as CVE-2021-28663 and CVE-2021-28664, the bugs could lead to improper operations on GPU memory and elevation of CPU RO pages to writable, respectively.
A non-privileged user able to exploit these flaws could gain root permissions, access information, corrupt memory, or modify the memory of other processes.
Users are advised to apply the latest Android patches as soon as possible, to ensure they are protected from any exploitation attempts.
Related: Android Updates for May 2021 Patch Over 40 Vulnerabilities
Related: Google Patches Critical Code Execution Vulnerability in Android
Related: Google Patches Critical Remote Code Execution Vulnerability in Android
More from Ionut Arghire
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- KeePass Update Patches Vulnerability Exposing Master Password
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Apple Unveils Upcoming Privacy and Security Features
- Dozens of Malicious Extensions Found in Chrome Web Store
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
Latest News
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data
- KeePass Update Patches Vulnerability Exposing Master Password
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
