Google releases fix for 3 actively exploited bugs for Android
G
oogle has released the monthly security updates for the Android operating system, which come with fixes for 46 vulnerabilities, along with the fix for three actively exploited bugs.ย
There are indications that the following may be under limited, targeted exploitation -- CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136, reads Android Security Bulletin.
According to BleepingComputer, CVE-2023-26083 is a medium-severity memory leak flaw in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips that was exploited in a December 2022 exploit chain that delivered spyware to Samsung devices.
CVE-2021-29256 is a critical unprivileged information disclosure and root privilege escalation vulnerability that affects specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers.
The third vulnerability, CVE-2023-2136, is a critical-severity one with a score of 9.6 out of 10 as it is an integer overflow bug in Skia, Google's open-source multi-platform 2D graphics library that is also used in Chrome, where it was fixed in April, the report said.
Moreover, the report mentioned that CVE-2023-21250, a critical vulnerability in Android's System component that affects Android versions 11, 12, and 13, is the most serious of the security issues that Google fixed this month.
The Android security update for this month covers Android versions 11, 12, and 13, but depending on the scope of the addressed vulnerabilities, they may affect older OS versions that are no longer supported.
โ๏ธ Google releases fix for 3 actively exploited bugs for Android
๐ Post your comments
๐ Found this article helpful? Spread the word and support us!