Android phones under attack by zero-day flaws — protect yourself now
The May 2021 Android security update fixes four zero-day flaws in Qualcomm and ARM chips that are actively being exploited by unnamed hackers, Google quietly disclosed yesterday (May 19) in an update to May 3's Android Security Bulletin.
"There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation," Google said in a one-sentence highlighted note.
The "CVE" numbers are how computer-security pros refer to known vulnerabilities. According to Google Project Zero researcher Maddie Stone, who tweeted out the bulletin update, two of the flaws involve Qualcomm graphics processors, while the other two affect ARM Mali GPUs. At least two of the flaws permit total system takeover.
Android has updated the May security with notes that 4 vulns were exploited in-the-wild. Qualcomm GPU: CVE-2021-1905, CVE-2021-1906. ARM Mali GPU: CVE-2021-28663, CVE-2021-28664. https://t.co/mT8vE2Us74 (May 19, 2021)
"Limited, targeted exploitation" seems to imply that these flaws are being used in attacks by state-sponsored hackers (i.e., international cyberspies) against specific persons or organizations.
We've seen many limited, targeted attacks on both Android and iOS flaws by Chinese security services against Tibetan and Uyghur dissidents, for example, but there's no indication who the participants might be here.
Update your Android phone, and make sure it's still getting updates
To protect yourself against such exploits, make sure to install the May Android security patches as soon as your device gets them. Google's own Pixel devices should be able to install them already, and it's likely that recent flagship phones from Samsung and OnePlus will have them now or soon.
Other phones may have to wait a long time, or forever, to get the May Android update. That's why you should be fussy about the Android phone you use, especially if you're someone cyberspies might target: a defense contractor, data-security professional, political activist, journalist, diplomat, corporate executive, politician or active-duty service member.
If your Android device isn't getting Google's Android security updates within 60 days of their release, or is no longer getting the updates at all, then it's time for a new phone.
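The update advice above can be turned into a repeatable check for a set of devices. The following is an added example, not code from the original article or from Google: it classifies a device by the patch-level string Android reports in the `ro.build.version.security_patch` property, using the May 3 bulletin date and the 60-day rule from the text. The threshold `2021-05-01`, the function names and the sample fleet are assumptions made for illustration.

```python
from datetime import date, timedelta

# Assumption: "the May 2021 update" means a reported patch level of
# 2021-05-01 or later; raise the threshold if your vendor requires more.
REQUIRED_LEVEL = date(2021, 5, 1)
BULLETIN_RELEASE = date(2021, 5, 3)   # bulletin date given in the article
GRACE = timedelta(days=60)            # the article's 60-day rule


def parse_patch_level(raw):
    """Parse a YYYY-MM-DD patch level; return None if missing or malformed."""
    try:
        return date.fromisoformat(raw.strip())
    except (ValueError, AttributeError):
        return None


def assess(raw_level, today, required=REQUIRED_LEVEL, released=BULLETIN_RELEASE):
    """Return 'patched', 'pending', 'stale' or 'unknown' for one device."""
    level = parse_patch_level(raw_level)
    if level is None:
        return "unknown"      # property absent or unreadable: inspect by hand
    if level >= required:
        return "patched"
    if today - released <= GRACE:
        return "pending"      # vendor is still inside the 60-day window
    return "stale"            # no update within 60 days: plan a replacement


def audit(fleet, today):
    """Map each device label to its status."""
    return {name: assess(level, today) for name, level in fleet.items()}


# Constructed sample data: on a real device, read the value with
#   adb shell getprop ro.build.version.security_patch
SAMPLE_FLEET = {
    "pixel-test": "2021-05-05",
    "flagship-test": "2021-04-01",
    "budget-test": "2019-11-01",
    "tablet-test": "",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_FLEET, date(2021, 7, 10)).items():
        print(f"{name}: {status}")
```
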
Snapdragon chips affected, and root at risk
Qualcomm's own May 2021 security bulletin gives CVE-2021-1905 a "high" security threat rating and says the issue has to do with "use after free." That implies the code keeps using a region of memory after it has been released, leaving a certain amount of running memory unprotected and making it possible for malware to get a hook into running processes. It affects roughly 300 Qualcomm chipsets, including many of the Snapdragon chips that power flagship phones.
CVE-2021-1906 is less severe, with a "medium" threat rating. It's classified as a "detection of error condition without action in graphics," due to "improper handling of address deregistration on failure [which] can lead to new GPU address allocation failure."
We're not quite sure what that means, but we'd guess it has to do with a process failing "open" and letting potential attackers get their hooks in. It affects about 350 Qualcomm chipsets, many of them the same as the other flaw.
ARM addressed the flaws back in March, describing CVE-2021-28663 as permitting "a non-privileged user" -- i.e., anyone or anything -- to exploit a "use-after-free scenario" in graphics memory to "gain root privilege, and/or disclose information."
ARM didn't give this one a severity rating, but gaining root -- seizing full control of the system -- is pretty high up there.
CVE-2021-28664 also lets an attacker gain root, as well as "corrupt memory and modify the memory of other processes." This is done by getting "write access to read-only memory," which is pretty interesting.
These flaws affect ARM's Midgard, Bifrost and Valhall (no A) GPU kernel drivers, which makes us wonder where Asgard might be.
At the time of ARM's security bulletin in March, the Bifrost and Valhall drivers had been patched, and Midgard's was on the way. Presumably, that patch is part of May's Android updates as well.
Source: https://www.tomsguide.com/news/android-0day-flaws-may21
Posted by: martinthistarry.blogspot.com