Google confirmed on Wednesday that there are indications of four Android vulnerabilities related to Qualcomm and ARM components have been exploited in the wild.
The original Android bulletin was posted on May 3 and contained details of 50 security vulnerabilities affecting Android devices.
Google since updated the bulletin with the new exploits discovered:
“There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation.”
According to the bulletin, CVE-2021-1905 and CVE-2021-1906 affect Qualcomm components. CVE-2021-28663 and CVE-2021-28664 impact ARM components.
Maddie Stone of Google’s Project Zero group also sent out a tweet confirming the exploits: