Android Patches An Actively Exploited Zero-Day Kernel Bug!

Android Patches An Actively Exploited Zero-Day Kernel Bug!

Google’s Android Nov. 2021 security updates plug 18 flaws in the framework & system components & 18 more in the kernel & vendor components.

Among Google’s Nov. Android security updates is a patch for a zero-day weakness that “may be under limited, targeted exploitation,” the company commented.

Out of this month’s batch of 39 patches, 18 of them plug flaws in the framework & system components & another 18 address vulnerabilities in the kernel & vendor components.

Use-After-Free Flaw

Google described the 1 that attackers may be picking apart – CVE-2021-1048 – as caused by a use-after-free (UAF) vulnerability in the kernel. UAF bugs allow for code substitution by using a dangling pointer in dynamic memory.

In this case, it can be exploited for local escalation of privilege &, when paired with a remote code execution (RCE) bug, an exploit could allow attackers to gain administrative control over a targeted system.

The internet giant kept quiet about the specifics of the attacks exploiting CVE-2021-1048, but the fact that they are targeted raises the possibility of nation-state advanced persistent threat (APT) groups carrying them out for espionage.

There’s precedent for that: Earlier this year, Android devices were targeted in an espionage campaign that adapted the Loda RAT – known for targeting Windows devices – to also go after Android devices in a campaign that targeted Bangladesh.

Severe Issues

The most severe of the updates address 2 critical remote code execution (RCE) vulnerabilities – tracked as CVE-2021-0918 and CVE-2021-0930 – in the System component. The flaws could enable a remote attacker to execute arbitrary code within the context of a privileged process by sending a specially crafted transmission to targeted devices.

“The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform & service mitigations are turned off for development purposes or if successfully bypassed,” according to the security update.

Critical Security Flaws

There are 2 more critical security flaws addressed in this month’s patches: CVE-2021-1924 & CVE-2021-1975, both of which affect Qualcomm components.

Yet another critical flaw can be found in Android TV remote service – which allows Android phones or tablets to be used as a remote for an Android TV. This one is another RCE, tracked as CVE-2021-0889. A nearby attacker who manages to exploit CVE-2021-0889 could creep up, silently pair with a TV, & execute arbitrary code with no privileges or user interaction required.

High-Severity Issues

Another 29 bugs are rated as high severity, with patches addressing vulnerabilities in the Framework, Media Framework, System, kernel, Android TV, MediaTek & Qualcomm components.

Google issued a separate security advisory for Pixel devices.

https://www.cybernewsgroup.co.uk/virtual-conference-november-2021/

 

SHARE ARTICLE