Google on Monday announced the availability of the November 2021 security updates for Android and warned that one of the patched vulnerabilities has been exploited in attacks.
The zero-day vulnerability is tracked as CVE-2021-1048 and Google says there is evidence that the flaw has been exploited in limited, targeted attacks. The internet giant described it as a use-after-free bug in the kernel that can be exploited for local privilege escalation.
No other information has been provided about the attacks exploiting CVE-2021-1048, but the targeted nature of the attacks suggests that they have been carried out by a state-sponsored threat group, likely for espionage purposes.
Based on data provided by Google, this is the sixth Android vulnerability exploited in malicious attacks in 2021.
The November 2021 Android updates patch a total of nearly 40 vulnerabilities, and Google says the most severe of them affects the System component and can allow a remote attacker to execute arbitrary code in the context of a privileged process.
Critical severity ratings have been assigned to vulnerabilities affecting the System, Android TV, and Qualcomm components. High-severity issues — roughly 30 bugs have this severity rating — have been addressed in the Framework, Media Framework, System, Kernel, Android TV, MediaTek and Qualcomm components.
Google has published a separate advisory to describe the 10 vulnerabilities patched in its Pixel devices this month.
Related: Google Android Security Update Patches 40 Vulnerabilities
Related: Recently Patched Android Vulnerability Exploited in Attacks
Related: Google: Four Recently Patched Android Vulnerabilities Exploited in Attacks

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
- Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police
Latest News
- Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Report: Chinese State-Sponsored Hacking Group Highly Active
- Votiro Raises $11.5 Million to Prevent File-Borne Threats
- Lumen Technologies Hit by Two Cyberattacks
- Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
