Threat Watch

Android Zero-day Actively Being Exploited

Tracked as CVE-2020-11261 and getting a CVSS score of 8.4, a now-patched vulnerability affecting Android devices that use the Qualcomm chipsets is being weaponized by attackers, according to Google. Google stated on March 18th that there may be limited targeted exploitation of the vulnerability. The exploitation could trigger memory corruption when an attacker-engineered app requests access to a considerable chunk of device memory. The vulnerability was initially reported to Google on July 20th, 2020, and a patch was released in January 2021. The access vector for the vulnerability is “local”, meaning attackers either need physical access to the device or use other means such as a watering-hole attack to gain access. Specifics about the threat actor exploiting the vulnerability and how they are doing it have not been released, which is typical for the Google Security Team, as a means to prevent other actors from taking advantage of the vulnerability.

ANALYST NOTES

A patch for this vulnerability has been released. All android users should ensure that they have the most up-to-date software on their device. Good security practices should also be utilized, such as being wary of what links and associated sites are visited and what apps are installed. Understanding what permissions are allowed on a device should also be considered a way to practice safe use. Android pushes monthly security patches to their devices and those should be downloaded as soon as they are released.

More can be read here: https://thehackernews.com/2021/03/warning-new-android-zero-day.html?web_view=true&m=1