You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Threat Intelligence Alert: Google Warns of New Android Zero-Day Being Exploited in the Wild
Key Details
CVE-2021-1048
Disclosure Date – 1st November 2021
CVSS Score – N/A
Affected Products – Before 2021-11-06 Security Patch Level
Exploit Released – Yes
Patch Available – Yes
Summary
On the 1st November, Google pushed out their security updates for Android, of which addresses 39 security flaws. Amongst these is the above zero-day vulnerability that is currently being exploited for targeted attacks by threat actors in the wild (CVE-2021-1048).
This vulnerability is a use-after-free flaw in the kernel which can be exploited to achieve privilege escalation. After successful exploitation, a threat actor could use a vulnerability such as this to execute arbitrary code on the victim’s system (which could include reading data or malware deployment).
The security patch also addressed the below critical vulnerabilities:
• CVE-2021-0918 and CVE-2021-0930 – System component vulnerabilities allowing remote code execution via a privileged process.
• CVE-2021-1924 and CVE-2021-1975 – Affect Qualcomm closed-source components.
Mitigation
NCC Group strongly recommend that any android device users (corporate devices and personal) install the 2021-11-06 Security Patch. More information can be found via the following link: https://source.android.com/security/bulletin/2021-11-01
NCC Group Actions
The NCC Group Threat Intelligence team is actively monitoring for further reports relating to this CVE.