Skip to Content

Google’s Project Zero found exploitable vulnerabilities

Updated on 2022-11-24

Google’s Project Zero found five exploitable vulnerabilities in the ARM Mali GPU driver used in a large number of Android devices, but despite contacting ARM and patching the flaws they remain exploitable as Android phone vendors haven’t pushed the patches downstream. Read more: Mind the Gap

Overview: Android zero-day write-up

Project Zero’s Maddie Stone has published an analysis of three Android zero-day vulnerabilities (CVE-2021-25337, CVE-2021-25369, CVE-2021-25370) that were used as part of an exploit chain in attacks against Samsung device users. All three zero-days were patched in March this year. Read more: A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain

“TAG believes belonged to a commercial surveillance vendor. These exploits were likely discovered in the testing phase. The sample is from late 2020. The chain merited further analysis because it is a 3 vulnerability chain where all 3 vulnerabilities are within Samsung custom components, including a vulnerability in a Java component.”

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.