New Update Android Security Update for October 2023 - Fixes 2 Exploited Vulnerabilities

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,396
Google on Monday announced the release of patches for 51 vulnerabilities as part of the October 2023 security updates for Android, including fixes for two zero-day flaws exploited in malicious attacks.

The first of the exploited issues is CVE-2023-4863 (CVSS score of 8.8), a heap buffer overflow in the Libwebp library that leads to an out-of-bounds memory write and remote code execution (RCE).

In the Android security bulletin for October 2023, Google explains that the vulnerability impacts the System component and assesses it with a ‘critical’ severity rating.

While the tech giant does not provide specific information on the observed in-the-wild exploitation, the issue was identified and reported by Apple and the Citizen Lab group at The University of Torontoʼs Munk School, which often details attacks linked to commercial spyware vendors. The flaw had been exploited to deliver spyware to iPhones.


 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top