The vulnerability is classified as severe, with a rating of 7.8 out of 10. CVE-2021-1905, as the first vulnerability is tracked, is a memory-corruption flaw that allows attackers to execute malicious code with unfettered root privileges. Two of the vulnerabilities are in Qualcomm’s Snapdragon CPU, which powers the majority of Android devices in the US and a massive number of handsets overseas. So far, there have been four Android zero-day vulnerabilities disclosed this year, compared with one for all of 2020, according to figures from Zimperium. “From elevating privileges beyond what is available by default to executing code outside of the current process’s existing sandbox, the device would be fully compromised, and no data would be safe.” Successful exploits of the vulnerabilities “would give complete control of the victim’s mobile endpoint,” Asaf Peleg, vice president of strategic projects for security firm Zimperium, said in an email. Android has updated the May security with notes that 4 vulns were exploited in-the-wild.
