Select Page

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks.

Tracked as CVE-2020-11261 (CVSS score 8.4), the flaw concerns an “improper input validation” issue in Qualcomm’s Graphics component that could be exploited to trigger memory corruption when an attacker-engineered app requests access to a huge chunk of the device’s memory.

“There are indications that CVE-2020-11261 may be under limited, targeted exploitation,” the search giant said in an updated January security bulletin on March 18.

CVE-2020-11261 was discovered and reported to Qualcomm by Google’s Android Security team on July 20, 2020, after which it was fixed in January 2021.

images from Hacker News