
Tracked as CVE-2022-22706, the exploited bug is a kernel driver issue that Arm fixed in January 2022, but which had been targeted in attacks before that, Google reported in March 2023.
Despite known exploitation, however, Google and other Android vendors took more than a year to incorporate the patches for CVE-2022-22706 in their software updates.
Last month, Google resolved another Android bug exploited by spyware vendors as a zero-day. Tracked as CVE-2023-0266, the issue is described as a moderate-severity kernel flaw leading to privilege escalation.