Google Tackles 46 Vulnerabilities with Monthly Android Security Update

Reading Time: ( Word Count: )

July 7, 2023
Nextdoorsec-course

Google has launched its monthly security patches for the Android system, resolving 46 newly discovered software vulnerabilities. Among them, three security loopholes were found to have been actively manipulated in targeted cyberattacks.

The vulnerability labeled CVE-2023-26083 is a memory leakage issue in the Arm Mali GPU driver applicable to Bifrost, Avalon, and Valhall chips. This weakness was previously manipulated in an attack that led to a spyware breach on Samsung gadgets in December 2022.

This flaw was considered so severe that the Cybersecurity and Infrastructure Security Agency (CISA) felt compelled to instruct federal agencies to apply a security patch in April 2023.

Another unique vulnerability, referenced as CVE-2021-29256, is a high-priority concern that impacts select models of the Bifrost and Midgard Arm Mali GPU kernel drivers. This problem enables an unprivileged user to illegitimately access confidential information and upgrade privileges to the root level.

Also Read: “Threads vs. Twitter: Which one collects your data more?”

The third manipulated vulnerability, CVE-2023-2136, is a high-impact bug found in Skia, Google’s multi-platform open-source 2D graphics library. It was initially revealed as a zero-day vulnerability in the Chrome browser and permits a remote attacker who has seized control of the rendering process to evade sandbox restrictions and implement remote code on Android gadgets.

In addition, Google’s July Android security announcement draws attention to another high-risk vulnerability, CVE-2023-21250, which affects the Android System component. This issue can facilitate remote code execution with no user engagement or additional execution permissions, making it notably hazardous.

These security patches are disseminated across two patch stages. The first patch stage, released on July 1, emphasizes core Android elements, addressing 22 security flaws in the Framework and System components.

The secondary patch stage, introduced on July 5, aims at kernel and proprietary components, resolving 20 vulnerabilities in the Kernel, Arm, Imagination Technologies, MediaTek, and Qualcomm components.

The effects of the resolved vulnerabilities could reach beyond the officially supported Android versions (11, 12, and 13), potentially impacting older operating system versions that no longer receive formal support.

In addition, Google has also rolled out specialized security patches for its Pixel devices, addressing 14 vulnerabilities in the Kernel, Pixel, and Qualcomm components. Two of these high-priority flaws could lead to privilege escalation and denial-of-service assaults.

Saher Mahmood

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *