Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components.
Among Google’s November Android security updates is a patch for a zero-day weakness that “may be under limited, targeted exploitation,” the company said.
Out of this month’s batch of 39 patches, 18 of them plug flaws in the framework and system components and another 18 address vulnerabilities in the kernel and vendor components.
Google described the one that attackers may be picking apart – CVE-2021-1048 – as caused by a use-after-free (UAF) vulnerability in the kernel. A UAF bug occurs when a program continues to use a pointer to dynamic memory after that memory has been freed; an attacker who can control what is written into the freed region can use that dangling pointer to substitute code. In this case, it can be exploited for local escalation of privilege and, when paired with a remote code execution (RCE) bug, an exploit could allow attackers to gain administrative control over a targeted system.
The internet titan kept its lips zipped about the specifics of the attacks exploiting CVE-2021-1048, but the fact that they’re targeted raises the possibility of nation-state advanced persistent threat (APT) groups carrying them out for espionage.
There’s precedent for that: Earlier this year, an espionage campaign that targeted Bangladesh adapted LodaRAT, known for targeting Windows devices, to also go after Android devices.
The most severe of the updates address two critical remote code execution (RCE) vulnerabilities – tracked as CVE-2021-0918 and CVE-2021-0930 – in the System component. The flaws could enable a remote attacker to execute arbitrary code within the context of a privileged process by sending a specially crafted transmission to targeted devices.
“The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed,” according to the security update.
There are two more critical security flaws addressed in this month’s patches: CVE-2021-1924 and CVE-2021-1975, both of which affect Qualcomm components.
Yet another critical flaw can be found in Android TV remote service – which allows Android phones or tablets to be used as a remote for an Android TV. This one’s another RCE, tracked as CVE-2021-0889. A nearby attacker who manages to exploit CVE-2021-0889 could creep up, silently pair with a TV, and execute arbitrary code with no privileges or user interaction required.
Another 29 bugs are rated as high-severity, with patches addressing vulnerabilities in the Framework, Media Framework, System, kernel, Android TV, MediaTek and Qualcomm components.
Google issued a separate security advisory for Pixel devices.