Rolling out to users since early May, the latest Android security update patches over 40 flaws, including four with a severity rating of critical.

This week, Google Project Zero researcher Maddie Stone pointed out on Twitter that the security bulletin has been updated with a note on some bugs being exploited in the wild.

A total of four security issues, rated high and medium severity, “may be under limited, targeted exploitation,” Google notes in the updated bulletin.

Two of the flaws impact Qualcomm components and are tracked as CVE-2021-1905 (high severity) and CVE-2021-1906 (medium risk). Both were identified in the graphics component and patches were rolled out by the vendor in May 2021.