Google updates for Android close new zero-day

Google was released the monthly ones ασφαλείας για το Android με επιδιορθώσεις για 39 σφάλματα, συμπεριλαμβανομένης και μιας ς which the company said is currently being used in limited, targeted attacks.

android

Το κενό ασφαλείας περιγράφεται στο CVE-2021-1048, και πρόκειται για ένα (use-after-free vulnerability in the kernel) που μπορεί να αξιοποιηθεί για κλιμάκωση τοπικών προνομίων. Το συγκεκριμένο σφάλμα είναι επικίνδυνο, καθώς θα μπορούσε να επιτρέψει σε κάποιο κακόβουλο χρήστη να αποκτήσει or refer to memory after it is freed, leading to a “write-what-where” condition that leads to the execution of malicious code to gain control of a system.

"There is evidence that CVE-2021-1048 is already in limited use," the company said, without disclosing technical details about the vulnerability or identity of the attackers.

Google's security update also fixes two critical ones remote code execution (RCE) vulnerabilities (CVE-2021-0918 and CVE-2021-0930) in the System component that could allow remote attackers to run malicious code within a privileged process by sending a specially crafted command.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
zero-day, 0day, android, google, iguru

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).