Google has introduced its regular security updates for the Android working technique, addressing 46 new software package vulnerabilities. Amid these, three vulnerabilities have been discovered as actively exploited in qualified attacks.
A person of the vulnerabilities tracked as CVE-2023-26083 is a memory leak flaw impacting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This particular vulnerability was exploited in a prior attack that enabled adware infiltration on Samsung equipment in December 2022.
This vulnerability was regarded as really serious ample to prompt the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching purchase for federal companies in April 2023.
One more considerable vulnerability, discovered as CVE-2021-29256, is a higher-severity issue that influences precise versions of the Bifrost and Midgard Arm Mali GPU kernel motorists. This flaw permits an unprivileged person to acquire unauthorized obtain to delicate info and escalate privileges to the root level.
The 3rd exploited vulnerability, CVE-2023-2136, is a critical-severity bug found in Skia, Google’s open up-source multi-system 2D graphics library. It was in the beginning disclosed as a zero-day vulnerability in the Chrome browser and permits a remote attacker who has taken in excess of the renderer process to carry out a sandbox escape and apply distant code on Android units.
Aside from these, Google’s July Android security bulletin highlights yet another critical vulnerability, CVE-2023-21250, affecting the Android System part. This issue can cause remote code execution devoid of consumer interaction or supplemental execution privileges, earning it specifically precarious.
These security updates are rolled out in two patch stages. The preliminary patch amount, created readily available on July 1, focuses on main Android elements, addressing 22 security flaws in the Framework and Method components.
Impending WEBINAR🔐 Privileged Obtain Management: Study How to Conquer Important Troubles
Explore unique methods to conquer Privileged Account Management (PAM) issues and stage up your privileged access security method.
Reserve Your Spot
The next patch stage, released on July 5, targets kernel and closed resource factors, tackling 20 vulnerabilities in Kernel, Arm, Creativeness Systems, MediaTek, and Qualcomm factors.
It’s significant to take note that the influence of the resolved vulnerabilities may well extend past the supported Android versions (11, 12, and 13), likely affecting more mature OS versions no for a longer time obtain official help.
Google has more introduced certain security patches for its Pixel products, dealing with 14 vulnerabilities in Kernel, Pixel, and Qualcomm components. Two of these critical weaknesses could outcome in privilege elevation and denial-of-provider attacks.
Discovered this short article attention-grabbing? Comply with us on Twitter and LinkedIn to read through much more special material we post.
Some pieces of this report are sourced from: