Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks.
Tracked as CVE-2020-11261 (CVSS score 8.4), the flaw concerns an “improper input validation” issue in Qualcomm’s Graphics component that could be exploited to trigger memory corruption when an attacker-engineered app requests access to a huge chunk of the device’s memory.
“There are indications that CVE-2020-11261 may be under limited, targeted exploitation,” the search giant said in an updated January security bulletin on March 18.
CVE-2020-11261 was discovered and reported to Qualcomm by Google’s Android Security team on July 20, 2020, after which it was fixed in January 2021.
images from Hacker News