Official forum for Utopia Community
The monthly security updates from Google for the Android operating system fix 46 new software flaws. Three of these flaws have been found to be actively used in focused attacks.
One of the vulnerabilities, tracked as CVE-2023-26083, is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This specific vulnerability was exploited in a prior attack that took place in December 2022, allowing spyware to infiltrate Samsung devices.
The Cybersecurity and Infrastructure Security Agency (CISA) decided that this vulnerability was serious enough to warrant issuing a patching order for federal agencies in April 2023.
Another important flaw, designated CVE-2021-29256, is a high-severity problem that affects particular versions of the Bifrost and Midgard Arm Mali GPU kernel drivers. Due to a bug, a non-privileged user could escalate their privileges to the root level and gain unauthorized access to sensitive information.
The third exploited flaw, CVE-2023-2136, is a critical error in Skia, Google's free, cross-platform 2D graphics library. It was first identified as a zero-day flaw in the Chrome browser, giving a remote attacker who has control of the renderer process the ability to perform a sandbox escape and install remote code on Android devices.
In addition to these, Google's July Android security bulletin highlights a critical vulnerability, CVE-2023-21250, affecting the Android System component. This problem poses a particularly dangerous risk of remote code execution without user interaction or additional execution privileges.
These security updates are released in two patch levels. The first patch level, released on July 1, focuses on fundamental Android components and fixes 22 security flaws in the Framework and System components.
On July 5, the second patch level was released. It addresses 20 vulnerabilities in the Kernel and in closed-source and kernel components made by Arm, Qualcomm, MediaTek, and Imagination Technologies.
It's crucial to keep in mind that the effects of the fixed vulnerabilities may go beyond the supported Android versions (11, 12, and 13), possibly affecting older OS versions that are no longer officially supported.
For its Pixel devices, Google has also released specific security updates that address 14 vulnerabilities in Qualcomm, Pixel, and Kernel components. Privilege elevation and denial-of-service attacks may be the result of two of these serious flaws.
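As an added example (not part of the original post), the following shell script classifies a device's reported security patch level against the two July 2023 levels described above. It assumes the levels are expressed as `2023-07-01` and `2023-07-05` and that the device is read over `adb` through the `ro.build.version.security_patch` property; the function names and result labels are illustrative.

```shell
#!/bin/sh
# Added example: classify an Android security patch level string against
# the two July 2023 patch levels. Result labels are illustrative.

LEVEL_CORE=20230701   # 2023-07-01: Framework and System fixes
LEVEL_FULL=20230705   # 2023-07-05: adds vendor and kernel component fixes

# Prints one of: invalid | unpatched | core-only | full
classify_patch_level() {
    level=$1
    # Accept only the YYYY-MM-DD form Android reports; reject anything else.
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "invalid"; return 0 ;;
    esac
    # Drop the dashes so the date can be compared as an integer.
    num=$(printf '%s' "$level" | tr -d '-')
    if [ "$num" -ge "$LEVEL_FULL" ]; then
        echo "full"
    elif [ "$num" -ge "$LEVEL_CORE" ]; then
        echo "core-only"
    else
        echo "unpatched"
    fi
}

# Reads the patch level from a connected device and reports what it covers.
report_device() {
    # adb output can carry a trailing carriage return; strip it first.
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    case "$(classify_patch_level "$level")" in
        full)      echo "$level: Framework/System and vendor/kernel fixes present" ;;
        core-only) echo "$level: Framework/System fixes only; vendor/kernel fixes missing" ;;
        unpatched) echo "$level: predates the July 2023 bulletin" ;;
        *)         echo "could not parse patch level: '$level'" ;;
    esac
}

# Query a device only when explicitly asked, so the script is safe to source.
if [ "${1:-}" = "--device" ]; then
    report_device
fi
```

A `core-only` result is the case to watch for in a fleet: the device has the Framework and System fixes but not the vendor and kernel component fixes that ship with the second patch level.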