Android Vulnerability Fixed in January Are Being Exploited By Hackers

Google has discovered signs of a known vulnerability in Android being exploited in real attacks against a limited number of users.

We are talking about the vulnerability CVE-2020-11261 in the Qualcomm graphics component, which is present in all Android devices that use Qualcomm chipsets, and was fixed in January this year.

The vulnerability could cause a memory corruption error when a malicious application requests access to a large portion of the device's memory. However, it can only be exploited locally, that is, an attacker can deliver his malicious code to the system only through an application already installed on the attacked device, having physical access to it.

Attacking these vulnerabilities is troublesome, but it seems that at least one cybercriminal group was not afraid of difficulties. As reported on Monday, March 22nd, by Ben Hawkes of Google Project Zero, CVE-2020-11261 is already being exploited in limited targeted attacks.

Details about the attacks, as well as who is behind them and who became the victim, have not yet been disclosed. The Google Threat Analysis Group is currently investigating. Whether the aforementioned vulnerability was used in a global hacking campaign recently disclosed by Google experts against users of Android, iOS and Windows devices is also not specified.

Previous Post Next Post