disclosed two weeks ago in Google’s Android Security Bulletin for May. Google has released security updates to device manufacturers, who are then responsible for distributing the patches to users.
Google’s May 3 bulletin initially didn’t report that any of the roughly 50 vulnerabilities it covered were under active exploitation. On Wednesday, Google updated the advisory to say that there are “indications” that four of the vulnerabilities “may be under limited, targeted exploitation.” Maddie Stone, a member of Google’s Project Zero exploit research group, removed the ambiguity. She declared on Twitter that the “4 vulns were exploited in-the-wild” as zero-days.
Read 10 remaining paragraphs | Comments