Android Security Updates: Over 40 Vulnerabilities Including Critical RCE Patched
Android has launched its August Security patches all over which more than 40 vulnerabilities were identified and stuck. Loads of the vulnerabilities had been linked to remote code execution (RCE), Elevation of Privileges (EoP), and Info Disclosure (ID).
The vulnerabilities make contributions to 37 Excessive Severity vulnerabilities and 4 Serious Severity vulnerabilities. Most serious one became once chanced on to be the remote code execution vulnerabilities without individual interaction. As of July patches, 43 vulnerabilities had been patched by Android.
Vulnerability and Class
Android has long past via each and every component and subcomponents to win the nook and corner of each and every vulnerability and patch them accordingly. These vulnerabilities had been linked to Android runtime, Framework, Media Framework, System, and parts adore Kernel and processor-based totally parts.
Android runtime became once chanced on with supreme a remote records disclosure vulnerability which did no longer consist of any execution privileges or individual interaction. The vulnerability became once labeled as a Excessive severity with a CVE-2023-21265.
The Framework share of Android security patches showed plenty of excessive-severity vulnerabilities; basically the most serious one became once a remote code execution vulnerability with a CVE-2023-21287. Other excessive-severity vulnerabilities had been linked to EoP, ID, and DoS (Denial of Service).
The MediaFramework and System sections had supreme one serious severity vulnerability with CVE-2023-21282 and CVE-2023-21273, that were chanced on to be Faraway code execution.
Kernel level vulnerabilities had one serious severity vulnerability which became once chanced on to be an Elevation of Privilege (EoP) category sigh within the KVM subcomponent. This did no longer require any individual interaction for exploitation. The CVE became once given as CVE-2023-21264
Processor-based totally vulnerabilities share showed one serious in Qualcomm closed-source parts and one excessive severity vulnerability in each and every Arm subcomponent Mali and MediaTek subcomponent keyinstall . The CVEs had been CVE-2022-40510 (Qualcomm), CVE-2023-20780 (MediaTek), and CVE-2022-34830 (Arm).
For detailed records on the vulnerabilities and patches, test with the safety bulletin launched by Android.
Source credit : cybersecuritynews.com