Android security updates fix three actively exploited vulerabilities
Take action: Check your phone vendor for releases of OS update since your Android phone is vulnerable, and it is being hunted by malicious hackers to be hacked.
Learn More
Google has released the monthly security updates for the Android operating system, addressing 46 vulnerabilities. Among them, three vulnerabilities (CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136) are actively being exploited.
- CVE-2023-26083 is a medium-severity memory leak flaw in the Arm Mali GPU driver that was used in an exploit chain targeting Samsung devices.
- CVE-2021-29256 is a high-severity information disclosure and root privilege escalation flaw in specific versions of the Arm Mali GPU kernel drivers.
- CVE-2023-2136, is a critical-severity integer overflow bug in Skia, the open-source graphics library used in Chrome.
- The most severe vulnerability, CVE-2023-21250, is a critical remote code execution flaw in Android's System component affecting Android versions 11, 12, and 13. Google claims that exploiting CVE-2023-21250 could lead to remote code execution with no user interaction or additional execution privileges
The update follows a two-patch level approach, allowing device manufacturers to selectively apply the updates. It is recommended to install the latest security updates or consider upgrading to a newer device if older versions are no longer supported.
