Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks.
One of the vulnerabilities, tracked as CVE-2023-26083, is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This particular vulnerability was exploited in a previous attack that enabled spyware infiltration on Samsung devices in December 2022.
This vulnerability was regarded as serious enough to prompt the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching order for federal agencies in April 2023.
Another significant vulnerability, identified as CVE-2021-29256, is a high-severity issue that affects specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers. This flaw allows an unprivileged user to gain unauthorized access to sensitive data and escalate privileges to the root level.
The third exploited vulnerability, CVE-2023-2136, is a critical-severity bug discovered in Skia, Google’s open-source multi-platform 2D graphics library. It was initially disclosed as a zero-day vulnerability in the Chrome browser and allows a remote attacker who has taken over the renderer process to perform a sandbox escape and execute remote code on Android devices.
Apart from these, Google’s July Android security bulletin highlights another important vulnerability, CVE-2023-21250, affecting the Android System component. This issue can cause remote code execution without user interaction or additional execution privileges, making it particularly precarious.
These security updates are rolled out in two patch levels. The initial patch level, made available on July 1, focuses on core Android components, addressing 22 security defects in the Framework and System components.
The second patch level, released on July 5, targets kernel and closed source components, tackling 20 vulnerabilities in Kernel, Arm, Imagination Technologies, MediaTek, and Qualcomm components.
It’s important to note that the impact of the addressed vulnerabilities may extend beyond the supported Android versions (11, 12, and 13), potentially affecting older OS versions that no longer receive official support.
Google has also released specific security patches for its Pixel devices, dealing with 14 vulnerabilities in Kernel, Pixel, and Qualcomm components. Two of these important weaknesses could result in privilege elevation and denial-of-service attacks.
