Google quietly slipped updates into its May 3 Android security bulletin for bugs that its Project Zero group has confirmed are zero-days. These four bugs make up a full two-thirds of the six total bugs to be exploited in the wild since 2014. The bugs could give attackers complete control of Android devices, experts say. Google disclosed only one zero-day vulnerability in Android in 2020, according to security firm Zimperium. NSO Group, maker of Pegasus mobile spyware, has long insisted that its products are meant to be used to fight terrorism and crime.
Source: https://threatpost.com/android-bugs-exploited-wild/166347/