Unknown hackers have been exploiting four Android vulnerabilities that allow the execution of malicious code that can take complete control of devices, Google warned on Wednesday.
All four of the vulnerabilities were disclosed two weeks ago in Google’s Android Security Bulletin for May. Google has released security updates to device manufacturers, who are then responsible for distributing them to users.
Google’s May 3 bulletin initially didn’t report that any of the roughly 50 vulnerabilities it covered were under active exploitation. On Wednesday, Google updated the advisory to say that there are “indications” that four of the vulnerabilities “may be under limited, targeted exploitation.” Maddie Stone, a member of Google’s Project Zero exploit research group, removed the ambiguity. She declared on Twitter that the “4 vulns were exploited in-the-wild” as zero-days.