New Update Android Security Updates for July 2023 - Patch for 3 Exploited Vulnerabilities

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
11,043

Security updates that Google released this week for Android resolve 43 vulnerabilities, including three that have been exploited in attacks.

The exploited flaws, tracked as CVE-2023-2136, CVE-2023-26083, and CVE-2021-29256, impact Android’s System and Arm Mali components.

The internet giant says “there are indications” that these security defects “may be under limited, targeted exploitation”.

CVE-2023-2136 was disclosed in April as a zero-day vulnerability in the Chrome browser, and is described as an integer overflow issue in Skia.

The bug allows “a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page,” a NIST advisory explains.

According to Google’s July 2023 Android security bulletin, the vulnerability can be exploited to achieve remote code execution on Android devices.
 

Sandbox Breaker

Level 11
Verified
Top Poster
Well-known
Jan 6, 2022
519
Updated the second it came out. I still doubt that the attacker can gain persistence on a Pixel 7 and then pull "secrets" from the Tensor/Titan SoC. GL with that 😉
 
  • Hundred Points
Reactions: Zero Knowledge

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top