Update your Android Smartphone and Safeguard Yourself from These 3 Exploited Bugs
Google has just rolled out its latest batch of monthly security updates for the Android operating system. These updates address a total of 46 vulnerabilities, including three critical bugs that are actively being exploited. Because they are being exploited, these three pose a significant real-world threat to Android users.
Google’s security bulletin notes indications that three of the vulnerabilities, CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136, may be under limited, targeted exploitation.
As reported by BleepingComputer, CVE-2023-26083 is a medium-severity memory leak in the Arm Mali GPU driver that affects Valhall, Bifrost, and Avalon chips. It was exploited in December 2022 as part of an exploit chain that delivered spyware onto Samsung devices.
CVE-2021-29256 is a critical vulnerability affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers. The flaw, which carries a CVSS v3.1 score of 8.8, allows unprivileged information disclosure and root privilege escalation: unauthorized individuals could potentially access sensitive information and elevate their privileges on affected systems.
The third vulnerability, CVE-2023-2136, is another critical-severity issue, with a score of 9.6 out of 10. It is an integer overflow bug in Skia, an open-source 2D graphics library used extensively by Google, including in the Chrome browser. The bug was fixed in Chrome back in April.
Google’s latest update adheres to its standard practice of deploying two patch levels to address different aspects of the Android system. The first patch level, labeled 2023-07-01, focuses on core Android components, specifically the framework. The second patch level, known as 2023-07-05, targets the kernel and closed-source components.
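To check where a device stands against these two patch levels, the following added example (not from Google or the original article) classifies the value of the standard ro.build.version.security_patch property. The function names and status labels are hypothetical, and the audit helper assumes adb is on the PATH with devices attached.

```shell
#!/bin/sh
# Added example: compare a device's security patch level with the two
# July 2023 levels named in the article. Function names are hypothetical.

FRAMEWORK_LEVEL="2023-07-01"   # core Android components (framework)
FULL_LEVEL="2023-07-05"        # kernel and closed-source components

# Prints one of: invalid | missing-both | framework-only | full
classify_patch_level() {
    level=$1
    # Accept only YYYY-MM-DD; empty or truncated values are invalid.
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    # Zero-padded ISO dates compare correctly as integers without dashes.
    n=$(echo "$level" | tr -d '-')
    if [ "$n" -lt "$(echo "$FRAMEWORK_LEVEL" | tr -d '-')" ]; then
        echo missing-both
    elif [ "$n" -lt "$(echo "$FULL_LEVEL" | tr -d '-')" ]; then
        echo framework-only
    else
        echo full
    fi
}

# Report serial, patch level and status for every device attached over adb.
audit_attached_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from consuming the loop's input.
        patch=$(adb -s "$serial" shell getprop \
            ro.build.version.security_patch </dev/null | tr -d '\r')
        echo "$serial $patch $(classify_patch_level "$patch")"
    done
}

# Run the audit only when asked, e.g.: sh check_patch.sh --adb
if [ "${1:-}" = "--adb" ]; then
    audit_attached_devices
fi
```

A status of framework-only means the device reports the 2023-07-01 level but not 2023-07-05, so the kernel and closed-source component fixes are still pending from the vendor.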
The latest Android security update released this month encompasses Android versions 11, 12, and 13. While the primary focus is on addressing vulnerabilities within these versions, it is worth noting that the impact of these vulnerabilities may extend beyond the supported OS versions. Older versions of Android, which are no longer officially supported by Google, could potentially be affected depending on the nature and scope of the vulnerabilities being addressed.