Google: hackers are actively exploiting 4 zero-day vulnerabilities in Android in the wild

Google disclosed the latest batch of Android security vulnerabilities in the Android Security Bulletin issued earlier this month. The fixes already exist and have been handed to device manufacturers (OEMs) for inclusion in their own updates.

Whether users actually receive those fixes in time depends entirely on the manufacturer: where an OEM does not ship the update, the device stays exposed.

Some of these vulnerabilities are already serious threats. When Google first published the bulletin, it did not say that any of them were being exploited.

Google later updated the bulletin to say that some of the vulnerabilities may be under limited, targeted exploitation, wording that is still vague.


“The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications.” reads the Android Security Bulletin. “There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation.”

Members of Google Project Zero subsequently confirmed that these four vulnerabilities are being exploited in the wild.

Because they were exploited before Google's fixes were available, they qualify as zero-day vulnerabilities, and all four are rated high severity.

Why Google did not flag the in-the-wild exploitation in the initial bulletin, and did not call the bugs zero-days from the start, is not clear; whether information was deliberately withheld is a matter of speculation.

Regardless, the priority now is for Android device manufacturers to ship the fixes quickly. The longer devices stay unpatched, the more attackers will pick up the exploits and the wider their use will become.

Worse, these are high-impact bugs: exploiting them lets an attacker escalate to the highest privilege level or escape the sandbox.

A successful exploit therefore gives the attacker complete control of the target device, and with it the victim's data.

Of the four, CVE-2021-1905 is a memory-corruption vulnerability in the graphics component of Qualcomm Snapdragon chipsets; exploiting it lets an attacker elevate privileges.

CVE-2021-1906 is a logic flaw that causes GPU address allocation to fail; on its own it is not a full compromise, but chained with other bugs it can be used to bypass system security defenses.

The other two, CVE-2021-28663 and CVE-2021-28664, are memory-corruption vulnerabilities in the Arm Mali GPU kernel driver; they can be used to escalate privileges and execute arbitrary code without restriction.

Google's failure to disclose the exploitation promptly and clearly is out of character: the company is usually quick to publicize such details.

Analysis by a security company also indicates that the attackers exploiting the vulnerabilities had specific targets, which points to espionage rather than ordinary financially motivated crime.

Although Google researchers have acknowledged that these are zero-days, Google has released no further details about the vulnerabilities, and nothing is publicly known about the exploits themselves.

For now, the advice from third-party security companies is that users contact their Android device manufacturer and press for the May update that closes these vulnerabilities.
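One way to tell whether a given device has received that update is to read its security patch level. The script below is an added example, not part of the article or of any Google tooling; it assumes that the fixes for CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 ship in the 2021-05-05 patch level (the vendor-component level of the May 2021 bulletin), and it reads the two standard Android properties `ro.build.version.security_patch` and `ro.vendor.build.security_patch`. The `getprop` dump it parses offline is constructed for the example; pass `--adb` to read a real attached device instead.

```shell
#!/bin/sh
# Added example: check whether an Android device's reported security patch
# levels include the May 2021 fixes for CVE-2021-1905, CVE-2021-1906,
# CVE-2021-28663 and CVE-2021-28664.
# Assumption: those fixes ship in the 2021-05-05 patch level. Because the
# bugs live in the Qualcomm and Arm GPU drivers, the vendor patch level
# (ro.vendor.build.security_patch) matters, not only the system one
# (ro.build.version.security_patch); an OEM can bump one without the other.

REQUIRED_PATCH_LEVEL="2021-05-05"

# patch_level_is_current LEVEL [REQUIRED]
#   exit 0 if LEVEL >= REQUIRED, 1 if older, 2 if LEVEL is not YYYY-MM-DD.
patch_level_is_current() {
    level=$1
    required=${2:-$REQUIRED_PATCH_LEVEL}
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # YYYYMMDD compares correctly as an integer, so strip the hyphens.
    lvl=$(printf '%s' "$level" | sed 's/-//g')
    req=$(printf '%s' "$required" | sed 's/-//g')
    [ "$lvl" -ge "$req" ]
}

# patch_status LEVEL -> prints patched | vulnerable | unknown
patch_status() {
    rc=0
    patch_level_is_current "$1" || rc=$?
    case $rc in
        0) echo patched ;;
        1) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# getprop_value PROP  (reads a `getprop` dump on stdin)
#   prints the value of PROP from its "[prop]: [value]" line, or nothing.
getprop_value() {
    tr -d '\r' | sed -n "s/^\[$1\]: \[\(.*\)\]$/\1/p"
}

# device_status  (reads a `getprop` dump on stdin)
#   prints "system=<status> vendor=<status>" and exits 0 only if both
#   levels are at or past REQUIRED_PATCH_LEVEL.
device_status() {
    dump=$(cat)
    sys=$(printf '%s\n' "$dump" | getprop_value ro.build.version.security_patch)
    ven=$(printf '%s\n' "$dump" | getprop_value ro.vendor.build.security_patch)
    sys_st=$(patch_status "$sys")
    ven_st=$(patch_status "$ven")
    echo "system=$sys_st vendor=$ven_st"
    [ "$sys_st" = patched ] && [ "$ven_st" = patched ]
}

# Constructed sample dump: the system image carries the May level but the
# vendor image does not, so the GPU driver fixes are still missing.
SAMPLE_DUMP='[ro.build.version.security_patch]: [2021-05-05]
[ro.vendor.build.security_patch]: [2021-04-05]'

if [ "${1:-}" = "--adb" ] && command -v adb >/dev/null 2>&1; then
    adb shell getprop | device_status || echo "device is missing the May 2021 fixes"
else
    printf '%s\n' "$SAMPLE_DUMP" | device_status || echo "device is missing the May 2021 fixes"
fi
```

The sample dump deliberately shows the case a practitioner should watch for: a system patch level that looks current while the vendor partition, which is where the Qualcomm and Arm driver fixes land, is a month behind.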