Tuesday, October 15, 2024
HomeCVE/vulnerabilityGoogle Warns of a New Android Zero-Day Vulnerability Is Under Active Attack

Google Warns of a New Android Zero-Day Vulnerability Is Under Active Attack

Published on

Malware protection

Google has recently acknowledged about the threat actors who are using Qualcomm chipset as their weapon to launch different targeted attacks.

Google warns everyone regarding a new zero-day vulnerability that was patched recently, and this new vulnerability is only affecting Android devices. After detecting this new flaw Google tracked this Android vulnerability as CVE-2020-11261.

According to the report of Google, this new flaw mainly focuses on improper input validation issues that are present on Qualcomm’s graphics.

- Advertisement - SIEM as a Service

However, the chief component of these graphics could easily be exploited, and as a result, it increases the memory corruption when a threat actor request access to a large portion of the memory of the device.

Zero-day flaw

  • CVE ID: CVE-2020-11261
  • CVSS Score: 8.4
  • Severity: High
  • Component: Display

This new Android Zero-day vulnerability CVE-2020-11261 was initially determined by Google’s team of Android Security on July 20, 2020. After detecting the vulnerability, Google has reported this vulnerability to Qualcomm, and later it got fixed in January 2021.

Moreover, the security team also affirmed that they have noticed some implications of CVE-2020-11261 that are might be limited in the targeted exploitation.

Not only this but as we said above that this vulnerability is continuously targeting all the Android devices, and this vulnerability is mainly focusing on improper input validation issues which are accessible in Qualcomm’s graphics.

Flaw in Qualcomm’s graphics component

After investigating the whole vulnerability the analyst of the security team has confirmed that this new Zero-day vulnerability is affecting Qualcomm’s graphics component.

Not only this but the new Zero-day vulnerability also influencing the Qualcomm closed-source components. However, these affected components could be utilized to increase memory corruption when a threat actor directly requests access to a large chunk of the device’s memory. 

Apart from this, the security team of Google has yet not released the identity of the threat actors, also the victims that are targeted in this vulnerability. 

Generally, Google does not share any information regarding the victim or the threat actors, but, here, the main motive of doing this is that Google wants to stop other threat actors from taking any type of advantage.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Splunk Enterprise Vulnerabilities let Attackers Execute Remote Code

Splunk has disclosed multiple vulnerabilities affecting its Enterprise product, which could allow attackers to...

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Splunk Enterprise Vulnerabilities let Attackers Execute Remote Code

Splunk has disclosed multiple vulnerabilities affecting its Enterprise product, which could allow attackers to...

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...