Google patches Android zero-day vulnerability exploited in the wild

Google has released the Android Security Bulletin for November 2021 with patches for 36 vulnerabilities, including five High risk bugs and one zero-day being exploited in the wild.

According to the Android security update, two of the most severe vulnerabilities (CVE-2021-0918 and CVE-2021-0930) are in system components and could allow “a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.”

CVE-2021-0918 affects Android Open Source Project (AOSP) version 12, whereas CVE-2021-0930 impacts AOSP versions 9, 10, 11, and 12.

Moreover, Google warned that one High severity vulnerability (CVE-2021-1048) “may be under limited, targeted exploitation.” This vulnerability could lead to a local escalation of privilege due to a use-after-free flaw in the Kernel component of Android.

Additional fixed Critical vulnerabilities worth noting include the following flaws:

  • CVE-2021-0889: Remote code execution in Android TV Remote Service.
  • CVE-2021-1924: Qualcomm closed-source components.
  • CVE-2021-1975: Qualcomm closed-source components.

Users can check their device’s security patch level by following this Google support link: Check and update your Android version.
