Google has released the October 2023 security updates for Android devices running OS versions 11, 12, and 13, fixing 53 vulnerabilities, five of which are rated critical. Two of the critical issues are actively exploited in the wild, which means that attackers are already using them to target Android devices.
Tiered Update Approach
To streamline the update process, Google has segregated the October updates into three levels:
- October 1: Targets Android system and framework components.
- October 5: Focuses on kernel and third-party vendor closed-source components.
- October 6: Addresses the Android system.
Vulnerabilities Under Active Exploitation
CVE-2023-4863: Classified as a critical severity remote code execution flaw. in the WebP code library (libwebp). The consequences of this vulnerability vary, ranging from abrupt system crashes to the more sinister arbitrary code execution. In simpler terms, attackers can potentially take control of the affected system, creating a realm of cyber nightmares.
CVE-2023-4211: A local user, without any privileges, can manipulate GPU memory processing operations to tap into memory that has already been freed. This vulnerability was unearthed and reported to Arm by the vigilant eyes at Google’s Threat Analysis Group (TAG) and Project Zero.
Other Noteworthy Vulnerabilities
CVE-2023-40129: Another remote code execution flaw in the system component that carries a critical severity tag.
October 5, 2023, patches: Three critical flaws to note are CVE-2023-24855, CVE-2023-28540, and CVE-2023-33028. These are deeply rooted in the Qualcomm closed-source components.
Android users running OS versions 11, 12, or 13, make it a priority to apply these updates. With vulnerabilities marked as actively exploited, it’s not just about adding new features or improving performance, it’s about securing your digital privacy and safety.
- 53 vulnerabilities addressed.
- 5 classified as critical.
- 2 vulnerabilities are under active exploitation.
- Updates released on October 1, 5, and 6 targeting different system components.
For more details navigate the link