Android Patches Actively Exploited Zero-Day Kernel Bug

Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components.

Among Google’s November Android security updates is a patch for a zero-day weakness that “may be under limited, targeted exploitation,” the company said.

Out of this month’s batch of 39 patches, 18 of them plug flaws in the framework and system components and another 18 address vulnerabilities in the kernel and vendor components.

Use-After-Free Flaw in the Kernel

Google described the one that attackers may be picking apart – CVE-2021-1048 – as caused by a use-after-free (UAF) vulnerability in the kernel. UAF bugs allow for code substitution by using a dangling pointer in dynamic memory. In this case, it can be exploited for local escalation of privilege and, when paired with a remote code execution (RCE) bug, an exploit could allow attackers to gain administrative control over a targeted system.

The internet titan kept its lips zipped about the specifics of the attacks exploiting CVE-2021-1048, but the fact that they’re targeted raises the possibility of nation-state advanced persistent threat (APT) groups carrying them out for espionage.

There’s precedent for that: Earlier this year,

Read More: https://threatpost.com/android-patches-exploited-kernel-bug/175931/