Google Alerts on Active Exploitation of New Android Zero-Day Vulnerability

November 3, 2021

Google has released its latest monthly security updates for Android, addressing 39 vulnerabilities, including a zero-day vulnerability that is currently being exploited in limited attacks. Identified as CVE-2021-1048, this zero-day flaw is characterized as a use-after-free vulnerability in the kernel, which could allow local privilege escalation. Use-after-free vulnerabilities pose significant risks, enabling attackers to access or reference memory that has already been freed. This could lead to a “write-what-where” scenario, allowing arbitrary code execution and potential control over a victim’s device. “There are indications that CVE-2021-1048 may be under limited, targeted exploitation,” Google stated in its November advisory, while withholding specific technical details about the exploit, the nature of the attacks, and the identities of any potential perpetrators. The security patch also addresses two critical vulnerabilities among the other fixes.

Google Alerts on Newly Discovered Android Zero-Day Exploited in Targeted Attacks

November 3, 2021

Google has announced the release of its monthly security updates for the Android operating system, which include fixes for 39 vulnerabilities. Among these is a critical zero-day vulnerability identified as CVE-2021-1048, which the company has confirmed is actively being exploited in a series of limited, targeted attacks. This zero-day issue is categorized as a use-after-free vulnerability found within the kernel, presenting a significant risk for local privilege escalation.

The nature of this vulnerability is particularly alarming. Use-after-free flaws can lead to conditions where memory previously allocated for use is accessed after it has been freed. This situation can provoke a “write-what-where” condition, allowing malicious actors to execute arbitrary code, potentially gaining full control over the affected system. Google’s advisory pointed out indicators suggesting that CVE-2021-1048 is indeed subject to targeted exploitation, although specific technical details regarding the intrusions and the attackers involved have not been disclosed.

As for the scope of targeting, business users and Android device owners are advised to remain vigilant. Although Google has not revealed the exact demographics of those affected, the nature of targeted attacks typically implies a focus on particular organizations or individuals that the attackers deem valuable.

With respect to geographical implications, the target audience primarily consists of users based in the United States, where Android remains a widely used mobile operating system among both consumers and enterprise organizations. As businesses increasingly rely on mobile devices for operational efficiency, vulnerabilities such as these pose notable risks that could lead to data breaches or unauthorized access to critical corporate information.

In terms of potential tactics and techniques employed by the attackers, the MITRE ATT&CK framework could offer insights. Initial access methods may have been leveraged to deliver malicious code, while privilege escalation techniques likely played a role in exploiting the zero-day vulnerability. Such methodologies enhance the attackers’ capability to manipulate system processes without their presence being detected.

Organizations using Android devices are strongly encouraged to implement the latest security updates immediately. As cyber threats continue to evolve, proactive measures, including regular system updates and vigilant monitoring of network activity, are essential for safeguarding valuable digital assets. Google’s prompt response in issuing patches exemplifies the ongoing commitment to maintaining security within its ecosystem, yet the existence of such vulnerabilities underscores the need for heightened vigilance in today’s cybersecurity landscape.
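As an added example (not from this article or from Google), the following POSIX shell check lets an administrator confirm that a managed device carries at least the patch level of the November 2021 bulletin. It assumes that the fix for CVE-2021-1048 maps to the 2021-11-01 security patch level or later (vendors may map it differently) and that `adb` is available for the device query.

```shell
#!/bin/sh
# Added example, not code from the article or from Google.
# Android exposes the installed security patch level as an ISO date in the
# system property ro.build.version.security_patch (e.g. 2021-11-05).

# Assumption: the November 2021 bulletin corresponds to patch level 2021-11-01
# or later; override REQUIRED_LEVEL to match your vendor's mapping.
REQUIRED_LEVEL="${REQUIRED_LEVEL:-2021-11-01}"

# patch_level_ok REQUIRED ACTUAL
# Returns 0 when ACTUAL is at or after REQUIRED, 1 when it is older,
# and 2 when either value is not a YYYY-MM-DD date.
patch_level_ok() {
    for v in "$1" "$2"; do
        case "$v" in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) return 2 ;;
        esac
    done
    # Strip the dashes so the dates compare as integers (20211101 vs 20211005).
    req_num=$(printf '%s' "$1" | sed 's/-//g')
    act_num=$(printf '%s' "$2" | sed 's/-//g')
    if [ "$act_num" -lt "$req_num" ]; then
        return 1
    fi
    return 0
}

# check_device SERIAL
# Reads the patch level from a connected device over adb and reports on it.
check_device() {
    serial="$1"
    level=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
    rc=0
    patch_level_ok "$REQUIRED_LEVEL" "$level" || rc=$?
    case $rc in
        0) echo "$serial: patch level $level is at or after $REQUIRED_LEVEL" ;;
        1) echo "$serial: patch level $level is OLDER than $REQUIRED_LEVEL, update required" ;;
        *) echo "$serial: could not read a valid patch level ('$level')" ;;
    esac
    return $rc
}
```

Run `check_device <serial>` for each device listed by `adb devices`; a non-zero exit marks a device that still needs the update.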

As the situation develops, further insights may emerge about the exploits that harness CVE-2021-1048. Staying informed and prompt in remediating these vulnerabilities is critical for business owners looking to navigate the risks associated with mobile device functionalities effectively.
