Android has released the July 2023 security patches, which fix more than 43 vulnerabilities in the Android operating system and its components.
Android also mentioned that the Android Open-Source Project (AOSP) will contain all the source code patches.
Android has also patched a severe vulnerability, CVE-2023-21250, which could lead to remote code execution without user interaction. Exploiting the vulnerability also does not require any execution privileges.
In addition to this, patches have also been released for the three most exploited Android vulnerabilities.
Actively Exploited Vulnerabilities
Android has discovered threat actors leveraging three Android vulnerabilities and exploiting them in the wild.
Two of these vulnerabilities were related to the Mali GPU driver, which is used to determine the frequency of the running GPU.
Another was related to Skia, a 2D graphics library used by Chrome, ChromeOS, Android, Flutter, and many other products. The CVEs and the vulnerabilities are as follows:
- CVE-2023-26083 – Memory Leak Vulnerability in Mali GPU driver in the Midgard GPU Kernel (Arm-based) on all versions from r19p0 – r42p0 that allows a non-privileged user to make valid GPU processing operations and expose sensitive kernel metadata.
- CVE-2021-29256 – An Arm Mali GPU driver allows non-privileged users to gain access to freed memory, resulting in information disclosure or root privilege escalation.
- CVE-2023-2136 – Skia in Google Chrome prior to version 112.0.5615.137 has an integer overflow vulnerability that can allow a remote attacker who had already compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page.
Another critical vulnerability, in a Qualcomm closed-source component, was also patched.
- CVE-2023-21629 – Memory corruption in Modem due to double free in parsing SIM files, a condition in which the free() function is called more than once, leading to a memory leak.
Patches for Android and all of its Components
Furthermore, Google has also released patches for a list of vulnerabilities in the Android Framework, the Android kernel, and other Android and partner components. Android has also created several help pages to help users install the latest security updates.
Android users are advised to upgrade to the latest version to fix these vulnerabilities.
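One way to check a set of devices against this update, as an added example that is not part of the original article. It assumes `2023-07-05` is the patch level covering the full July 2023 bulletin and that each device's patch level is read from the `ro.build.version.security_patch` property; the function names and the inventory are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage devices against the July 2023 Android fixes.
# Patch level source on a device: adb shell getprop ro.build.version.security_patch
REQUIRED_PATCH="2023-07-05"  # assumption: level covering the full July 2023 bulletin

# 0 if patch level $1 (YYYY-MM-DD) >= REQUIRED_PATCH, 1 if older, 2 if malformed.
patch_level_ok() {
    case $1 in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # ISO dates order correctly as integers once the dashes are removed.
    have=$(printf '%s' "$1" | tr -d '-')
    need=$(printf '%s' "$REQUIRED_PATCH" | tr -d '-')
    [ "$have" -ge "$need" ]
}

# 0 if Mali driver version $1 (rXXpY) lies in r19p0..r42p0, the range the
# article gives for CVE-2023-26083; 1 if outside; 2 if unparseable.
mali_in_range() {
    case $1 in r[0-9]*p[0-9]*) ;; *) return 2 ;; esac
    major=${1#r}; major=${major%%p*}
    minor=${1#*p}
    case $major$minor in *[!0-9]*) return 2 ;; esac
    [ "$major" -ge 19 ] || return 1
    [ "$major" -lt 42 ] && return 0
    [ "$major" -eq 42 ] && [ "$minor" -eq 0 ]
}

# Print one verdict line for a device: name, patch level, Mali driver version.
audit_device() {
    if patch_level_ok "$2"; then
        printf '%s: ok\n' "$1"; return 0
    fi
    note="patch level '$2' is not at $REQUIRED_PATCH or later"
    if mali_in_range "$3"; then
        note="$note; Mali $3 is in the CVE-2023-26083 range"
    fi
    printf '%s: %s\n' "$1" "$note"
}

# Constructed sample inventory ("-" means no Mali GPU).
while read -r name level mali; do
    audit_device "$name" "$level" "$mali"
done <<'EOF'
pixel-a 2023-07-05 -
tablet-b 2023-06-01 r38p1
phone-c 2023-06-05 r44p0
EOF
```

A device already at the required patch level is reported as ok regardless of its driver version string, since a vendor may backport the fix without changing that string.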
Source: https://cybersecuritynews.com/43-android-vulnerabilities/