Jump to content
  • Android July security updates fix three actively exploited bugs


    Karlston

    • 711 views
    • 2 minutes
     Share


    • 711 views
    • 2 minutes

    Google has released the monthly security updates for Android operating system, which comes with fixes for 46 vulnerabilities. Three of the issues are likely actively exploited in the wild.

     

    “There are indications that the following [vulnerabilities] may be under limited, targeted exploitation,” reads Google’s bulletin, highlighting CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136.

     

    CVE-2023-26083 is a medium-severity memory leak flaw in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips, which was leveraged in an exploit chain that delivered spyware to Samsung devices in December 2022.

     

    The vulnerability was deemed sufficiently severe to trigger a CISA order for federal agencies to patch it in April 2023.

     

    CVE-2021-29256 is a high-severity (CVSS v3.1: 8.8) unprivileged information disclosure and root privilege escalation flaw also impacting specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers.

     

    The third vulnerability is a critical-severity one with a score of 9.6 out of 10, identified as CVE-2023-2136. It is an integer overflow bug in Skia, Google’s open-source multi-platform 2D graphics library that is also used in Chrome, where it was fixed in April.

     

    The most severe of the security problems that Google fixed this month is CVE-2023-21250, a critical vulnerability in Android’s System component that impacts Android versions 11, 12, and 13.

     

    Exploiting CVE-2023-21250 could lead to remote code execution with no user interaction or additional execution privileges, Google says without providing extra details.

     

    The update follows the standard system of releasing two patch levels, one (2023-07-01) for core Android components (framework) and a second (2023-07-05) for kernel and closed source components, allowing device manufacturers to selectively apply what concerns their models’ hardware.

     

    Those getting the first patch level receive the current month’s framework updates and both levels of the previous month, in this case, June 2023.

     

    Users who see the second patch level on their update screen get all the above, plus the July 2023 vendor and kernel patches.

     

    This month’s Android security update covers Android versions 11, 12, and 13, but depending on the scope of the addressed vulnerabilities, they may impact older OS versions that are no longer supported.

     

    In those cases, replacing your device with a newer model or installing a third-party Android distribution that implements security updates for older devices, albeit at a delay, would be advisable.

     

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...