A New Android Zero-Day Vulnerability Is Under Active Attack

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by attackers to launch targeted attacks.

Tracked as CVE-2020-11261 (CVSS score 8.4), the flaw concerns an “improper input validation” issue in Qualcomm’s Graphics component that could be exploited to trigger memory corruption when an attacker-engineered app requests access to a large chunk of the device’s memory.

“There are indications that CVE-2020-11261 may well be under constrained, targeted exploitation,” the search giant said in an updated January security bulletin on March 18.

CVE-2020-11261 was discovered and reported to Qualcomm by Google’s Android Security team on July 20, 2020, after which it was fixed in January 2021.


It is worth noting that the access vector for the vulnerability is “local,” which means that exploitation requires local access to the device. In other words, to launch a successful attack, the bad actor must either have physical access to the vulnerable smartphone or use other means, such as a watering hole, to deliver malicious code and set off the attack chain.

While details about the attacks, the identity of the attacker, and the targeted victims have not been released, it is not uncommon for Google to withhold such information to prevent other threat actors from taking advantage of the vulnerability.

If anything, the development once again underscores the need to promptly install monthly security updates as soon as they are available to prevent Android devices from being exploited. We have reached out to Google for comment and will update this article if we hear back.
