Sunday, July 21, 2024

Android Updates Patching Over 40 Vulnerabilities

Android has released its August Security patches, addressing over 40 vulnerabilities.

These vulnerabilities primarily relate to remote code execution (RCE), elevation of privilege (EoP), and information disclosure (ID).


Identified Vulnerabilities

This recent batch of Android security updates has pinpointed 37 High Severity vulnerabilities and 4 Critical Severity vulnerabilities.

The most concerning among these are RCE vulnerabilities that can be exploited without user interaction. Building on July’s patches, a total of 43 vulnerabilities have been addressed.

Vulnerability Categories and Areas

Android’s security teams meticulously examined various components and subcomponents to locate and address vulnerabilities.

The affected areas included:

  • Android runtime,
  • Framework,
  • Media Framework,
  • System,
  • Kernel,
  • and processor-based components

Android Runtime Vulnerability

Within Android’s runtime, a remote information disclosure vulnerability was uncovered. Notably, exploiting it requires neither execution privileges nor user interaction. It received a High severity classification and is tracked as CVE-2023-21265.

Framework Vulnerabilities

The Framework section contained a critical RCE vulnerability (CVE-2023-21287) alongside several high-severity vulnerabilities covering EoP, ID, and Denial of Service (DoS).

Media Framework and System Vulnerabilities

Both the Media Framework and System sections were home to a critical severity vulnerability each, both related to remote code execution (CVE-2023-21282 and CVE-2023-21273, respectively).

Kernel and Processor-based Vulnerabilities

A critical Elevation of Privilege vulnerability was identified in the Kernel’s KVM subcomponent, requiring no user interaction (CVE-2023-21264). Among processor-based vulnerabilities, Qualcomm’s closed-source components exhibited a critical vulnerability, while Arm’s Mali and MediaTek’s keyinstall subcomponents displayed high-severity vulnerabilities (CVE-2022-40510, CVE-2023-20780, and CVE-2022-34830, respectively).

