silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 11,043
Android Security Bulletin—July 2023 | Android Open Source Project
source.android.com
Security updates that Google released this week for Android resolve 43 vulnerabilities, including three that have been exploited in attacks.
The exploited flaws, tracked as CVE-2023-2136, CVE-2023-26083, and CVE-2021-29256, impact Android’s System and Arm Mali components.
The internet giant says “there are indications” that these security defects “may be under limited, targeted exploitation”.
CVE-2023-2136 was disclosed in April as a zero-day vulnerability in the Chrome browser, and is described as an integer overflow issue in Skia.
The bug allows “a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page,” a NIST advisory explains.
According to Google’s July 2023 Android security bulletin, the vulnerability can be exploited to achieve remote code execution on Android devices.
Android Security Updates Patch 3 Exploited Vulnerabilities
Google’s July 2023 security updates for Android patches 43 vulnerabilities, including three exploited in the wild.
www.securityweek.com