Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, 3 vulnerabilities have been identified as actively exploited in targeted attacks.
One of the vulnerabilities, tracked as CVE-2023-26083, is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This vulnerability was exploited in an earlier attack that enabled spyware infiltration on Samsung devices in December 2022.
This vulnerability was regarded as critical enough to prompt the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching order for federal agencies in April 2023.
Another significant vulnerability, identified as CVE-2021-29256, is a high-severity issue that affects specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers. This flaw allows an unprivileged user to gain unauthorized access to sensitive data and escalate privileges to the root level.
The third exploited vulnerability, CVE-2023-2136, is a critical-severity bug found in Skia, Google’s open-source multi-platform 2D graphics library. It was originally disclosed as a zero-day vulnerability in the Chrome browser and allows a remote attacker who has taken over the renderer process to perform a sandbox escape and execute remote code on Android devices.
Aside from these, Google’s July Android security bulletin highlights another critical vulnerability, CVE-2023-21250, affecting the Android System component. This issue can cause remote code execution without user interaction or additional execution privileges, making it particularly precarious.
These security updates are rolled out in two patch levels. The first patch level, made available on July 1, focuses on core Android components, addressing 22 security flaws in the Framework and System components.
The second patch level, released on July 5, targets kernel and closed-source components, tackling 20 vulnerabilities in Kernel, Arm, Imagination Technologies, MediaTek, and Qualcomm components.
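As an added example (not part of the original article or Google's bulletin), the following Python sketch triages the patch level a device reports (the value of `adb shell getprop ro.build.version.security_patch`) against the two July levels described above. The level strings 2023-07-01 and 2023-07-05, the CVE-to-level mapping (inferred from the components the article names), and the device inventory are assumptions made for illustration.

```python
from datetime import date

# Assumed patch-level dates for the two July 2023 levels described above.
LEVEL_CORE = date(2023, 7, 1)  # Framework and System components
LEVEL_FULL = date(2023, 7, 5)  # adds Kernel, Arm and other vendor components

# Mapping inferred from the component each CVE is attributed to in the article.
# CVE-2023-2136 (Skia) is omitted: the article does not name its patch level.
FIXED_AT = {
    "CVE-2023-21250": LEVEL_CORE,  # Android System component
    "CVE-2023-26083": LEVEL_FULL,  # Arm Mali GPU driver
    "CVE-2021-29256": LEVEL_FULL,  # Arm Mali GPU kernel driver
}

def parse_patch_level(value):
    """Parse a 'YYYY-MM-DD' patch level; return None if empty or malformed."""
    try:
        return date.fromisoformat(value.strip())
    except (ValueError, AttributeError):
        return None

def unpatched_cves(patch_level):
    """Return the sorted CVEs not covered by the reported patch level.

    An unreadable level is treated as covering nothing, so the device
    is flagged for every CVE rather than silently passing.
    """
    level = parse_patch_level(patch_level)
    return sorted(cve for cve, fixed in FIXED_AT.items()
                  if level is None or level < fixed)

# Constructed inventory: device label -> reported security patch level.
INVENTORY = {
    "SAMPLE-A": "2023-07-05",
    "SAMPLE-B": "2023-07-01",
    "SAMPLE-C": "2023-06-05",
    "SAMPLE-D": "",  # property missing or unreadable
}

def triage(inventory):
    """Map each device to the list of CVEs its patch level does not cover."""
    return {dev: unpatched_cves(level) for dev, level in inventory.items()}

if __name__ == "__main__":
    for dev, missing in triage(INVENTORY).items():
        print(dev, "OK" if not missing else "missing: " + ", ".join(missing))
```

A device reporting the first level still lacks the Arm Mali driver fixes, which is why the second level is the one to require on hardware with those GPUs.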
It’s important to note that the impact of the addressed vulnerabilities may extend beyond the supported Android versions (11, 12, and 13), potentially affecting older OS versions that no longer receive official support.
Google has also released specific security patches for its Pixel devices, addressing 14 vulnerabilities in Kernel, Pixel, and Qualcomm components. Two of these critical weaknesses could result in privilege elevation and denial-of-service attacks.
Some parts of this article are sourced from:
thehackernews.com