Android October security update fixes zero-days exploited in attacks

Google has released the October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively exploited.

The two exploited flaws are CVE-2023-4863 and CVE-2023-4211, for which Google has "indications that they may be under limited, targeted exploitation."

CVE-2023-4863 is a buffer overflow vulnerability in the ubiquitous open-source library libwebp, which impacts numerous software products, including Chrome, Firefox, iOS, Microsoft Teams, and many more.

The particular flaw was initially erroneously assigned separate CVEs for Apple iOS and Google Chrome, although it was actually in the underlying library. A subsequent attempt to fix it by assigning a new CVE (CVE-2023-5129) was rejected.

CVE-2023-4211 is an actively exploited flaw impacting multiple versions of Arm Mali GPU drivers used in a broad range of Android device models.

This flaw is a use-after-free memory issue that could allow attackers to locally access or manipulate sensitive data.

In summary, the October 2023 Android update brings:

  • 13 fixes in Android Framework
  • 12 fixes in System components
  • Two updates on Google Play
  • 5 fixes in Arm components
  • Three fixes concerning MediaTek chips
  • One fix concerning Unisoc chips
  • 18 fixes on Qualcomm components (15 for closed-source)

Of the 54 fixes concerning Android 11 through 13, five are rated critical, and two concern remote code execution problems.

This update follows the standard system of releasing two patch levels: the first (2023-10-01) focuses on core Android components (Framework + System), while the second (2023-10-06) addresses the kernel and closed-source components.

This approach allows device manufacturers to selectively apply updates relevant to their hardware models, thus making them available faster.

Recipients of the first patch level will get the current month's Android core updates as well as the updates from both levels of the previous month, in this instance, September 2023.

Those who see the second patch level on their update screen will get all the updates mentioned in this month's bulletin.
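As an added example (not from the article or from Google), the following Python code triages a device inventory against the two patch levels described above. The device names and inventory are constructed, and the reported string is assumed to be the value Android exposes in the `ro.build.version.security_patch` property.

```python
import re
from datetime import date

# Patch levels quoted in the article for the October 2023 bulletin.
CORE_LEVEL = date(2023, 10, 1)  # core components (Framework + System)
FULL_LEVEL = date(2023, 10, 6)  # adds kernel and closed-source components

_LEVEL_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def parse_patch_level(value):
    """Return a date for a YYYY-MM-DD patch level, or None if malformed."""
    if not isinstance(value, str) or not _LEVEL_RE.fullmatch(value.strip()):
        return None
    try:
        return date.fromisoformat(value.strip())
    except ValueError:  # well-formed shape but impossible date, e.g. 2023-13-40
        return None


def classify(value):
    """Map a reported patch level to its October 2023 coverage."""
    level = parse_patch_level(value)
    if level is None:
        return "unknown"      # unreadable value: needs a manual check
    if level >= FULL_LEVEL:
        return "full"         # everything in the October bulletin
    if level >= CORE_LEVEL:
        return "core-only"    # kernel and closed-source fixes not included
    return "pre-october"      # none of the October fixes


def triage(inventory):
    """Group device ids by coverage so the gaps are easy to list."""
    groups = {"full": [], "core-only": [], "pre-october": [], "unknown": []}
    for device, reported in sorted(inventory.items()):
        groups[classify(reported)].append(device)
    return groups


# Constructed inventory: device id -> reported security patch level.
SAMPLE_INVENTORY = {
    "phone-a": "2023-10-06", "phone-b": "2023-10-01", "tablet-c": "2023-09-05",
    "phone-d": "2023-11-01", "kiosk-e": "unknown",
}

if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(devices) or '-'}")
```

A device reporting a later level such as 2023-11-01 is counted as "full" because, as described above, each month's first patch level includes both levels of the previous month.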

Android versions 10 and older are no longer supported, yet depending on the scope of some recently fixed vulnerabilities, they might also be impacted.

That said, users of older Android systems are recommended to upgrade to a newer model or flash their device with a third-party Android distribution that provides security updates for their models.
