Google has just released its list of monthly Android OS security updates. They fix 46 vulnerabilities, three of which have been identified as being actively exploited during targeted intrusions. To your phones, and prepare your update!
With the increasing amount of cyberattacks and cybersecurity risks, protecting your smartphone is a must. Each OS has flaws, which are quickly spotted by the hackers who take advantage of them. To avoid this as much as possible, Google updates Android monthly to make up for its weaknesses. Three of them have just been corrected and that’s good, because they were known and vulnerable.
Exploited vulnerabilities
Among these three vulnerabilities, one of them is called CVE-2023-26083. It is a memory leak flaw that concerns the Arm Mali GPU driver in charge of operating several chips: Avalon, Bitfrost and Valhall. In December 2022, this flaw was exploited to insert malware into Samsung smartphones. In April 2023, the US Cyber and Infrastructure Security Agency (CISA) issued a mandatory remediation order for federal agencies.
The second vulnerability in the list is also important. Responding to the name of CVE-2021-29256, it affects certain versions of the Arm Mali GPU driver (him again!) for Midgard and Bifrost chips. This flaw could lead to an unauthorized user to access sensitive data and modify OS system settings.
The last of the three, CVE-2023-2136, is a bug in Google’s open-source 2D library, Skia. Initially spotted on the Chrome browser, it allowed a hacker to evade phone security measures and execute lines of malicious code from Android devices.
Patches and security updates
The deployment of this update was done in two levels of patches. The first was published on 1er July and focused on the main components of Android: activities, services or content providers for example. It corrected 22 security flaws present in the Framework as well as in system components.
On July 5, the second tier was rolled out to focus on core and source code components instead. A total of 20 software vulnerabilities were addressed in components from the MediaTek, Qualcomm, Kernel, Arm and Imagination Technologies brands.
Do not forget to regularly update your Android, it is essential for its good health and the security of your data! It will only take you a few minutes and will strengthen the protection of your smartphone. We have all procrastinated at least once on this point, but now you are informed!
Sources: The Hacker News, XDA Developers
10