CISA ordered federal agencies today to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of actively exploited vulnerabilities and addressed with this month’s Android security updates.
The flaw (tracked as CVE-2021-29256) is a use-after-free weakness that may let attackers escalate to root privileges or gain access to sensitive information on targeted Android devices by allowing improper operations on GPU memory.
“A non-privileged user can make improper operations on GPU memory to gain access to already freed memory and may be able to gain root privilege, and/or disclose information,” Arm’s advisory reads.
“This issue is fixed in Bifrost and Valhall GPU Kernel Driver r30p0 and fixed in Midgard Kernel Driver r31p0 release. Users are recommended to upgrade if they are impacted by this issue.”
With this month’s security updates for the Android operating system, Google patched two more security flaws tagged as being exploited in attacks.
CVE-2023-26083 is a medium-severity memory leak flaw in the Arm Mali GPU driver leveraged in December 2022 as part of an exploit chain that delivered spyware to Samsung devices.
A third vulnerability, tracked as CVE-2023-2136 and rated as critical severity, is an integer overflow bug found in Google’s Skia, an open-source multi-platform 2D graphics library. Notably, Skia is used with the Google Chrome web browser, where it was addressed in April as a zero-day bug.
Federal agencies ordered to secure Android devices within 3 weeks
U.S. Federal Civilian Executive Branch (FCEB) agencies have been given until July 28th to secure their devices against attacks targeting the CVE-2021-29256 vulnerability added to CISA’s list of Known Exploited Vulnerabilities today.
According to the binding operational directive (BOD 22-01) issued in November 2021, federal agencies are bound to thoroughly assess and address any security flaws listed in CISA’s KEV catalog.
Although the catalog primarily focuses on U.S. federal agencies, it is also strongly recommended that private companies prioritize and patch all vulnerabilities listed in CISA’s catalog.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA warned today.
Earlier this week, the cybersecurity agency warned that attackers behind the TrueBot malware operation exploit a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software for initial access to targets’ networks.
One week earlier, CISA also warned of distributed denial-of-service (DDoS) attacks targeting U.S. organizations across multiple industry sectors.