Google’s monthly Android security patches address 39 problems, including a zero-day vulnerability that is being actively exploited for targeted attacks.
According to Google, this vulnerability in the kernel can be exploited for local privilege escalation. This allows a threat actor to access memory after it has been freed and seize control of a victim’s system by executing malicious codes.
Vulnerability found
- CVE-2021-1048
Google published the patch in November without disclosing the vulnerability’s technical specifications, the nature of the intrusions, or the identity of the attackers who may have exploited the hole.
With this update, Google also patched two other RCE vulnerabilities
- CVE-2021-0918
- CVE-2021-0930
Since the beginning of the year, Google has patched a total of six zero-day vulnerabilities in Android with the newest set of upgrades. Users are advised to update their android to the latest patched version before being exploited. Even if you don’t think yourself to be a target for latest attacks, it’s worth updating, as the security patches fix numerous other flaws also.