Google has just released the July security patch for Android with 46 discovered vulnerabilities patched.
According to The Hacker News, among the vulnerabilities in Android patched by Google, three are being exploited by targeted attacks. A vulnerability assigned code CVE-2023-26083 is a memory leak that affects Arm Mali GPU drivers for Bifrost, Avalon, and Valhall chips.
This vulnerability was exploited in an attack that installed spyware on Samsung devices in December 2022. It was deemed serious enough that the Cybersecurity and Infrastructure Agency (CISA – USA) issued a patch order to federal agencies in April 2023.
Another critical vulnerability with code CVE-2021-29256 is high severity, affecting specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers. This bug gives unauthorized people unauthorized access to sensitive data and escalates privileges to the top level.
The third exploit is high severity CVE-2023-2136 which resides in Skia, Google’s cross-platform open-source 2D graphics library. It was originally identified as a zero-day vulnerability in the Chrome browser that allows a remote attacker to gain access to the sandbox and remotely deploy code on an Android device
Google’s July Android security patch also addresses critical vulnerability CVE-2023-21250, affecting Android system components. This issue can help with remote code execution without user interaction or additional privileges.
These security updates are rolled out at two levels. The first patch on July 1 focused on core Android components, addressing 22 security flaws in framework and system components. The second patch, released on July 5, fixes kernel and closed-source components and addresses 20 vulnerabilities in the core components, Arm chips, and imaging technology of MediaTek and Qualcomm processors.
The impact of the vulnerabilities could extend beyond supported Android versions (11, 12, and 13) though, potentially affecting older OS versions that no longer receive mainstream support. awake.
Google also released security patches addressing 14 vulnerabilities in components for Pixel devices. Two of these critical vulnerabilities provide privilege elevation and denial of service attacks
