December 10, 2023

Google has released the October 2023 security updates for Android devices running OS versions 11, 12, and 13, fixing 53 vulnerabilities, five of which are rated critical. Two of the critical issues are actively exploited in the wild, which means that attackers are already using them to target Android devices.

Tiered Update Approach

To streamline the update process, Google has segregated the October updates into three levels:

  • October 1: Targets Android system and framework components.
  • October 5: Focuses on kernel and third-party vendor closed-source components.
  • October 6: Addresses the Android system.

Vulnerabilities Under Active Exploitation

CVE-2023-4863: Classified as a critical severity remote code execution flaw. in the WebP code library (libwebp). The consequences of this vulnerability vary, ranging from abrupt system crashes to the more sinister arbitrary code execution. In simpler terms, attackers can potentially take control of the affected system, creating a realm of cyber nightmares.

CVE-2023-4211: A local user, without any privileges, can manipulate GPU memory processing operations to tap into memory that has already been freed. This vulnerability was unearthed and reported to Arm by the vigilant eyes at Google’s Threat Analysis Group (TAG) and Project Zero.

Advertisements

Other Noteworthy Vulnerabilities

CVE-2023-40129: Another remote code execution flaw in the system component that carries a critical severity tag.

October 5, 2023, patches: Three critical flaws to note are CVE-2023-24855, CVE-2023-28540, and CVE-2023-33028. These are deeply rooted in the Qualcomm closed-source components.

Android users running OS versions 11, 12, or 13, make it a priority to apply these updates. With vulnerabilities marked as actively exploited, it’s not just about adding new features or improving performance, it’s about securing your digital privacy and safety.

Updates Summary

  • 53 vulnerabilities addressed.
  • 5 classified as critical.
  • 2 vulnerabilities are under active exploitation.
  • Updates released on October 1, 5, and 6 targeting different system components.

For more details navigate the link

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone Security Week In Review – December 2nd & 10th, 2023

December 10, 2023

5Ghoul Vulnerabilities affects 5G devices

December 10, 2023

Microsoft EDGE Browser Critical Sandbox Escape Vulnerability – CVE-2023-35618

December 9, 2023

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2
%d