According to an Android Security Bulletin released on November 1st, 2021, a high-risk zero-day software vulnerability affecting the Google Android OS (operating system) was discovered. The November 2021 Android security updates contained around 40 security fixes, including fixes for a dangerous zero-day vulnerability. A vulnerability of this kind is particularly alarming because it is discovered by malicious threat actors before developers have a chance to mitigate it, hence the ‘zero’ days left to fix the issue. Additionally, zero-day scenarios often point to sophisticated cybercrime with particular motivations, such as nation-state cybercrime. Android (Google) has already patched several dangerous security flaws in 2021, which has been a record year for zero-day exploits.
The software vulnerability, in this case, affects Google Android and is confirmed as being exploited in the wild by malicious threat actors. This high-risk vulnerability is being tracked under ID code CVE-2021-1048 and is marked as ‘RESERVED’ on an official CVE database, which means that it is undergoing analysis and the full details are not yet published.
Android, owned by Google (which is also very much prone to security incidents), is the most widely used mobile platform by far. Given that it is an open-source platform, Android is known for experiencing vulnerabilities and threats, whether that pertains to risky Android apps or bugs in the OS software itself.
Exploited Vulnerability in Google Android
According to the Android Security Bulletin, “There are indications that CVE-2021-1048 may be under limited, targeted exploitation.” There is no information at this time about how exactly cybercriminals are leveraging this security flaw for malicious purposes.
Vulnerability CVE-2021-1048 is a ‘use-after-free’ flaw that allows a malicious application to escalate privileges on the system. It exists due to a use-after-free error in the Android kernel component within the epoll_loop_check_proc() function. A malicious application can trigger the use-after-free error and execute arbitrary code with kernel privileges.
Vulnerable Software Versions
The following versions of Google Android are vulnerable to the exploit:
Google Android: 9 2021-09-01, 9 2021-09-05, 9 2021-10-01, 9 2021-10-05, 9 2021-11-01, 9 2021-11-05, 9.0, 9.0 2020-12-05, 9.0 2021-04-01, 9.0 2021-04-05, 9.0 2021-05-01, 9.0 2021-05-05, 9.0 2021-06-01, 9.0 2021-06-05, 10 2021-09-01, 10 2021-09-05, 10 2021-10-01, 10 2021-10-05, 10 2021-11-01, 10 2021-11-05, 10.0, 10.0 2020-12-05, 10.0 2021-04-01, 10.0 2021-04-05, 10.0 2021-05-01, 10.0 2021-05-05, 10.0 2021-06-01, 10.0 2021-06-05, 11 2021-09-01, 11 2021-09-05, 11 2021-10-01, 11 2021-10-05, 11 2021-11-01, 11 2021-11-05, 11.0, 11.0 2020-12-05, 11.0 2021-04-01, 11.0 2021-04-05, 11.0 2021-05-01, 11.0 2021-05-05, 11.0 2021-06-01, 11.0 2021-06-05, 12, 12 2021-11-01, 12 2021-11-05
Important User Information
A patch has been released that remediates this vulnerability. Users should ensure that they are running the latest version of Android and that automatic updates are left enabled. Users and administrators should also follow these recommendations from the Center for Internet Security (CIS):
- Apply appropriate updates by Google Android or mobile carriers to vulnerable systems, immediately after appropriate testing.
- Users should only download applications from trusted vendors in the Play Store.
- Users should not visit untrusted websites or follow links provided by unknown or untrusted sources.
- Users should not open hypertext links contained in emails or attachments, especially from untrusted sources.
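For administrators applying the first recommendation across many devices, the following added example (not part of the bulletin or the CIS guidance) triages devices from their `getprop` output against the version list above. It assumes that, because Android security patch levels are cumulative, any level up to the newest one listed (2021-11-05) on Android 9 to 12 is affected; the device names and property dumps are constructed sample data.

```python
import re
from datetime import date

# Taken from the article's list: affected major releases and the newest
# security patch level it names as vulnerable.
AFFECTED_MAJORS = {9, 10, 11, 12}
LAST_LISTED_VULNERABLE = date(2021, 11, 5)

# `adb shell getprop` prints one "[key]: [value]" pair per line.
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")

def parse_getprop(text):
    """Parse getprop output into a dict, ignoring lines that do not match."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props

def classify(props):
    """Return 'affected', 'newer-than-listed', 'not-listed' or 'unknown'."""
    release = props.get("ro.build.version.release", "")
    patch = props.get("ro.build.version.security_patch", "")
    major = re.match(r"\d+", release)  # "9", "9.0" and "11" all yield a major
    if not major:
        return "unknown"
    if int(major.group()) not in AFFECTED_MAJORS:
        return "not-listed"  # the article says nothing about this release
    try:
        level = date.fromisoformat(patch)
    except ValueError:
        return "unknown"  # missing or malformed patch level: check by hand
    # Assumption: patch levels are cumulative, so anything at or below the
    # newest listed vulnerable level is treated as affected.
    return "affected" if level <= LAST_LISTED_VULNERABLE else "newer-than-listed"

def triage(fleet):
    """Map each device name to its classification."""
    return {name: classify(parse_getprop(dump)) for name, dump in fleet.items()}

# Constructed sample inventory (not real devices).
SAMPLE_FLEET = {
    "tablet-01": "[ro.build.version.release]: [11]\n[ro.build.version.security_patch]: [2021-10-05]\n",
    "phone-02": "[ro.build.version.release]: [12]\n[ro.build.version.security_patch]: [2021-12-01]\n",
    "phone-03": "[ro.build.version.release]: [9.0]\n[ro.build.version.security_patch]: [2021-07-01]\n",
    "kiosk-04": "[ro.build.version.release]: [10]\n",
    "legacy-05": "[ro.build.version.release]: [8.1.0]\n[ro.build.version.security_patch]: [2019-01-05]\n",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_FLEET).items():
        print(f"{name}: {status}")
```

Devices reported as `unknown` or `not-listed` still need manual review, since the article gives no information about them.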