ESET cybersecurity experts: It’s a banking trojan that has already targeted users from Poland, impersonating Bolt Food. Goal: to steal banking-cryptocurrency credentials.
Google fixed an Android critical zero-day vulnerability. It’s the CVE-2021-1048, which can be exploited for local escalation of privilege and to gain admin control over a targeted system. The security updates include 38 patches
Google fixed an Android zero-day vulnerability that may be under limited, targeted exploitation. It did in the November 2021 security updates, which include 39 patches, 18 of them plug flaws in the framework and system components and another 18 address vulnerabilities in the kernel and vendor components. The most critical flaw was the CVE-2021-1048, caused by a use-after-free (UAF) vulnerability in the kernel. It can be exploited for local escalation of privilege and, if paired with a remote code execution (RCE) flaw, an exploit could allow attackers to gain administrative control over a targeted system. There are no official confirmations, but it seems that the vulnerability has already been used for specific cybercrime attacks.