Google Successfully Patches Two Android Zero-Days Exploited in Specific Assaults
Google Fixes Two Android Zero-Days Used in Targeted Attacks
Google has patched two zero-day vulnerabilities within its Android software, which had been actively exploited as part of a series of sophisticated targeted attacks.
As part of a broader November security update effort, Google addressed a total of 51 vulnerabilities.
The most significant fixes are related to two zero-days identified as CVE-2021-39675 and CVE-2021-39674.
Beefing up Android Security
Google’s Android is the world’s most popular mobile operating system, powering billions of devices across the globe.
However, its ubiquity also makes it a lucrative target for attackers.
In line with its commitment to strengthening Android security, Google provided fixes for the two zero-day vulnerabilities, which were reportedly exploited in the wild.
The first vulnerability, CVE-2021-39675, is a use-after-free flaw in the system component, which, when exploited, could enable a malicious application to gain access to additional permissions.
The second vulnerability, CVE-2021-39674, relates to a flaw within the Android runtime that could also potentially widen the permissions granted to a malicious application.
Targeted Attacks
Both vulnerabilities were reportedly used as part of targeted attacks.
Sophisticated cybercriminals typically exploit these types of flaws to acquire sensitive user data, or to gain control over affected devices.
Even though both vulnerabilities required attackers to have access to the target application to exploit, their risks were increased due to their zero-day status, which means they were unknown to Google until after the attacks had commenced.
Their widespread usage within a brief period also suggested that threat actors had likely purchased these vulnerabilities from a third-party provider or discovered them independently.
Regular Patch Updates: A Necessity In Today’s Cyber Landscape
This incident reaffirms the importance of keeping operating systems and software patched and up-to-date.
It is crucial for users to accept and install these updates promptly to minimize their exposure to potential threats.
Moreover, businesses must adopt proactive strategies to manage and deploy patches across the enterprise, ensuring that all devices are protected and secure from emerging cyber threats.