Google was released the monthly ones updates ασφαλείας για το Android με επιδιορθώσεις για 39 σφάλματα, συμπεριλαμβανομένης και μιας vulnerabilityς zero-day which the company said is currently being used in limited, targeted attacks.
Το κενό ασφαλείας περιγράφεται στο CVE-2021-1048, και πρόκειται για ένα zero-day (use-after-free vulnerability in the kernel) που μπορεί να αξιοποιηθεί για κλιμάκωση τοπικών προνομίων. Το συγκεκριμένο σφάλμα είναι επικίνδυνο, καθώς θα μπορούσε να επιτρέψει σε κάποιο κακόβουλο χρήστη να αποκτήσει access or refer to memory after it is freed, leading to a “write-what-where” condition that leads to the execution of malicious code to gain control of a system.
"There is evidence that CVE-2021-1048 is already in limited use," the company said, without disclosing technical details about the vulnerability or identity of the attackers.
Google's security update also fixes two critical ones vulnerabilities remote code execution (RCE) vulnerabilities (CVE-2021-0918 and CVE-2021-0930) in the System component that could allow remote attackers to run malicious code within a privileged process by sending a specially crafted command.