Headline
Update Android now! Google patches three important vulnerabilities
Categories: Android Categories: Exploits and vulnerabilities Categories: News Tags: Google
Tags: Android
Tags: update
Tags: CVE-2023-21085
Tags: CVE-2023-21096
Tags: CVE-2022-38181
Tags: Use-after-free
Tags: input validation
Google has released an Android update that fixes two critical remote code execution (RCE) vulnerabilities, and one vulnerability that has been exploited in the wild.
(Read more…)
The post Update Android now! Google patches three important vulnerabilities appeared first on Malwarebytes Labs.
In the April 2023 Android security bulletin, Google announced security updates which include fixes for two critical remote code execution (RCE) vulnerabilities and one vulnerability that has been exploited in the wild. The vulnerabilities are impacting Android systems running versions 11, 12, 12L, and 13. Users should update as soon as they can.
What needs to be done
If your Android is on security patch level 2023-04-05 or later, this will address all of these issues. Android partners are notified of all issues at least a month before publication, however this doesn’t always mean that the patches are available for devices from all vendors.
You can find your Android’s version number, security update level, and Google Play system level in your Settings app. You should get notifications when updates are available for you, but you can also check for updates.
For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.
Two critical vulnerabilities
Google never discloses a lot of details about these vulnerabilities. Access to bug details and links are usually restricted until the majority of users are updated with a fix. Here’s what we know so far:
CVE-2023-21085: A vulnerability in the System component which allows a remote attacker to execute arbitrary code. The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
When a program is unable to perform a proper verification of input, using unintended input can influence program data flow handling. Attackers can abuse this by creating input data that can cause changes of control flow, arbitrary control of a resource, or arbitrary code execution.
CVE-2023-21096: Another vulnerability in the System component which allows a remote attacker to execute arbitrary code. The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
One vulnerability exploited in the wild
CVE-2022-38181: A vulnerability in the Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This use-after-free (UAF) vulnerability allows a local application to escalate privileges on the system. A local application can trigger memory corruption and execute arbitrary code with elevated privileges. This vulnerability is known to be exploited in targeted attacks and was first spotted in November 2022.
UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. By using dynamic memory allocated to a program with higher privileges, the attacker can use those privileges to execute his code.
We don’t just report on vulnerabilities—we identify them, and prioritize action.
Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.
Related news
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.
In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-242544249
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.
A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These