Google has launched the October 2023 safety updates for Android, addressing 54 distinctive vulnerabilities, together with two identified to be actively exploited.
The 2 exploited flaws are CVE-2023-4863 and CVE-2023-4211, for which Google has “indications that they might be beneath restricted, focused exploitation.
CVE-2023-4863 is a buffer overflow vulnerability within the ubiquitous open-source library libwebp, which impacts quite a few software program merchandise, together with Chrome, Firefox, iOS, Microsoft Groups, and plenty of extra.
The actual flaw was initially erroneously assigned separate CVEs for Apple iOS and Google Chrome, though it was truly within the underlying library. A subsequent try to repair it by assigning a brand new CVE (CVE-2023-5129) was rejected.
CVE-2023-4211 is an actively exploited flaw impacting a number of variations of Arm Mali GPU drivers utilized in a broad vary of Android gadget fashions.
This flaw is a use-after-free reminiscence difficulty that might permit attackers to domestically entry or manipulate delicate information.
In abstract, the October 2023 Android replace brings:
- 13 fixes in Android Framework
- 12 fixes in System elements
- Two updates on Google Play
- 5 fixes in Arm elements
- Three fixes regarding MediaTek chips
- One repair regarding Unisoc chips
- 18 fixes on Qualcomm elements (15 for closed-source)
Of the 54 fixes regarding Android 11 by 13, 5 are rated crucial, and two concern distant code execution issues.
This replace follows the usual system of releasing two patch ranges: the primary (2023-10-01) focuses on core Android elements (Framework + System), whereas the second (2023-10-06) addresses the kernel and closed-source elements.
This method permits gadget producers to selectively apply updates related to their {hardware} fashions, thus making them obtainable quicker.
Recipients of the primary patch stage will get hold of the present month’s Android core updates in addition to the updates from each ranges of the previous month, on this occasion, September 2023.
Those that see the second path stage on their replace display will get all of the updates talked about on this month’s bulletin.
Android variations 10 and older are now not supported, but relying on the scope of some lately fastened vulnerabilities, they could even be impacted.
That mentioned, customers of older Android programs are advisable to improve to a more moderen mannequin or flash their gadget with a third-party Android distribution that provides safety updates for his or her fashions.
