Google patches 43 Android Vulnerabilities Including 3 actively exploited zero-days
The July 2023 security patches were released by Android, fixing more than 43 vulnerabilities in the Android operating system and its components.
Android also mentioned that the Android Open Source Project (AOSP) will receive the full source code patches.
Android has also patched a severe vulnerability, CVE-2023-21250, which could lead to remote code execution without user interaction. The vulnerability also doesn't require any execution privileges.
Besides this, patches have also been released for the three most exploited Android vulnerabilities.
Actively Exploited Vulnerabilities
Android has found threat actors leveraging three Android vulnerabilities and exploiting them in the wild.
Two of these vulnerabilities were related to the Mali GPU driver, which is used to figure out the frequency of the working GPU.
Another was related to Skia, a 2D graphics library used by Chrome, ChromeOS, Android, Flutter, and many other products. The CVEs and the vulnerabilities are as follows:
- CVE-2023-26083 – Memory leak vulnerability in the Mali GPU driver in the Midgard GPU Kernel (Arm-based) on all versions from r19p0 – r42p0 that allows a non-privileged user to make valid GPU processing operations and expose sensitive kernel metadata.
- CVE-2021-29256 – The Arm Mali GPU driver allows non-privileged users to gain access to freed memory, resulting in information disclosure or root privilege escalation.
- CVE-2023-2136 – Skia in Google Chrome prior to version 112.0.5615.137 has an integer overflow vulnerability which can allow a remote attacker who had already compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Another serious vulnerability related to the Qualcomm closed-source component was also patched.
- CVE-2023-21629 – Memory corruption in Modem due to a double free in parsing SIM files, a condition in which the free() function is called more than once, leading to a memory leak.
Patches for Android and all of its Components
Moreover, Google has also released patches for a list of vulnerabilities in Android Frameworks, Android Kernel, and other Android components and partners. Android has also created several help pages to help its users install the latest security updates.
Users of Android are recommended to upgrade their Android to the latest versions to fix these vulnerabilities.
Source credit : cybersecuritynews.com