Google Warns Of Four Actively Attacked 0-Day Android leaks

Google is warning Android users of four actively attacked zero-day leaks in parts from chip manufacturers Qualcomm and ARM. This means that more zero-days have already been discovered this year than in the whole of 2020 combined. At the beginning of this month, Google released security updates for the vulnerabilities, but they had already been attacked before that. In addition, the attacks are still taking place. Furthermore, the question is whether all Android devices have already received the patches.

The vulnerabilities, CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664, are present in the Qualcomm and ARM GPU drivers and allow an attacker to gain root privileges and retrieve information. Qualcomm says that the vulnerabilities can only be exploited by a local user. This could be via a rogue app, or if attackers have gained access to the device via another security vulnerability.

Google works with so-called patch levels, where a date indicates the patch level. Devices that receive the May updates will have '2021-05-01' or '2021-05-05' as the patch level. According to Google, manufacturers of Android devices were informed about the vulnerabilities at least a month ago and have been able to develop updates during that time. However, that does not mean that all Android devices will receive these updates. Some devices are no longer supported with updates from the manufacturer or the manufacturer will release the updates at a later time.


Further details about the attacks, such as exactly how they take place and which users they target, are not provided. This year, Google has already registered 26 zero-day leaks that were actively exploited before a security update was available. For the whole of 2020, the tech company came out on 25 zero days. Most zero-day leaks this year were found in Apple WebKit (6), Android (5), Google Chrome (4) and Microsoft Exchange (4).

Previous Post Next Post