CISA Orders Governmental Agencies To Patch Exploitable Android Driver
CISA has directed federal agencies to address a high-severity privilege escalation flaw in the Arm Mali GPU kernel driver, listed as actively exploited and resolved in the latest Android security updates. The vulnerability, known as CVE-2021-29256, allows attackers to gain root privileges or access sensitive information on targeted Android devices by manipulating GPU memory. Additionally, Google has patched two more security flaws in this month's Android updates, including a memory leak flaw in the Arm Mali GPU driver used for delivering spyware to Samsung devices and a critical integer overflow bug in Google's Skia, previously exploited as a zero-day vulnerability in the Chrome web browser. Read more...