{"id":2875,"date":"2024-11-05T16:21:43","date_gmt":"2024-11-05T16:21:43","guid":{"rendered":"https:\/\/aegislens.com\/home\/?p=2875"},"modified":"2024-11-05T16:21:43","modified_gmt":"2024-11-05T16:21:43","slug":"google-successfully-patches-two-android-zero-days-exploited-in-specific-assaults","status":"publish","type":"post","link":"https:\/\/aegislens.com\/home\/google-successfully-patches-two-android-zero-days-exploited-in-specific-assaults\/","title":{"rendered":"Google Successfully Patches Two Android Zero-Days Exploited in Specific Assaults"},"content":{"rendered":"
\n

Google Fixes Two Android Zero-Days Used in Targeted Attacks<\/h1>\n

Google has patched two zero-day vulnerabilities within its Android software, which had been actively exploited as part of a series of sophisticated targeted attacks.<\/strong><\/p>\n

As part of a broader November security update effort, Google addressed a total of 51 vulnerabilities.<\/p>\n

The most significant fixes are related to two zero-days identified as CVE-2021-39675 and CVE-2021-39674.<\/p>\n

Beefing up Android Security<\/h2>\n

Google’s Android is the world’s most popular mobile operating system, powering billions of devices across the globe.<\/p>\n

However, its ubiquity also makes it a lucrative target for attackers.<\/p>\n

In line with its commitment to strengthening Android security, Google provided fixes for the two zero-day vulnerabilities, which were reportedly exploited in the wild.<\/p>\n

The first vulnerability, CVE-2021-39675, is a use-after-free flaw in the system component, which, when exploited, could enable a malicious application to gain access to additional permissions.<\/p>\n

The second vulnerability, CVE-2021-39674, relates to a flaw within the Android runtime that could also potentially widen the permissions granted to a malicious application.<\/p>\n

Targeted Attacks<\/h2>\n

Both vulnerabilities were reportedly used as part of targeted attacks.<\/p>\n

Sophisticated cybercriminals typically exploit these types of flaws to acquire sensitive user data, or to gain control over affected devices.<\/p>\n

Even though both vulnerabilities required attackers to have access to the target application to exploit, their risks were increased due to their zero-day status, which means they were unknown to Google until after the attacks had commenced.<\/p>\n

Their widespread usage within a brief period also suggested that threat actors had likely purchased these vulnerabilities from a third-party provider or discovered them independently.<\/p>\n

Regular Patch Updates: A Necessity In Today\u2019s Cyber Landscape<\/h2>\n

This incident reaffirms the importance of keeping operating systems and software patched and up-to-date.<\/p>\n

It is crucial for users to accept and install these updates promptly to minimize their exposure to potential threats.<\/p>\n

Moreover, businesses must adopt proactive strategies to manage and deploy patches across the enterprise, ensuring that all devices are protected and secure from emerging cyber threats.<\/p>\n

Follow-Up Reading<\/h2>\n