Attackers can attack Android in a variety of ways and paralyze devices via DoS attacks or even execute malicious code. Some manufacturers have now released important security patches for certain smartphones and tablets.
In an article, Google explicitly warns of a “critical” system vulnerability (CVE-2023-21273). According to Google, Android 11, 12, 12L and 13 are affected. Attackers should not need any additional execution permissions for this. What attacks could look like in detail is currently unknown. There are other vulnerabilities in the system and attackers can access information without authorization and acquire higher user rights.
A “critical” vulnerability (CVE-2023-21282) affects the Media Framework and could also allow malicious code onto devices. Attacks should be possible from afar. The developers have closed 17 security gaps in the framework, all of which are classified as “high” threat level.
The kernel is also affected by a “critical” vulnerability (CVE-2023-21264). Attackers can apply higher user rights to the KVM subcomponent here. Arm, MediaTek and Qualcomm have closed gaps in other sub-components that affect them, such as Mali.
If you own a supported Android device, you should ensure that patch level 2023-08-01 or 2023-08-05 is installed. In addition to Google, other manufacturers such as LG and Samsung also make monthly security updates available for download for some models (see box).
Another post reveals that Google’s Pixel series has received additional security updates. For example, the WLAN component was secured. Google classifies the threat of these vulnerabilities as “moderate”.
In addition to Google, other manufacturers regularly release security patches – but mostly only for a few product series. Devices from other manufacturers receive the updates much later or, in the worst case, not at all.
Go to home page
#Patchday #Critical #malicious #code #vulnerabilities #threaten #Android