Android Updates Patching Over 40 Vulnerabilities

Android has released its August Security patches, addressing over 40 vulnerabilities.

These vulnerabilities primarily relate to remote code execution (RCE), Elevation of Privileges (EoP), and Information Disclosure (ID).

- Advertisement -

Identified Vulnerabilities

This recent batch of Android security updates has pinpointed 37 High Severity vulnerabilities and 4 Critical Severity vulnerabilities.

The most concerning among these is the discovery of RCE vulnerabilities that can operate without user interaction. Building on July’s patches, a total of 43 vulnerabilities have been addressed.

Vulnerability Categories and Areas

Android’s security teams meticulously examined various components and subcomponents to locate and address vulnerabilities.

The affected areas included:

Android runtime,
Framework,
Media Framework,
System,
Kernel,
and processor-based components

Android Runtime Vulnerability

Within Android’s runtime, a remote information disclosure vulnerability was uncovered. Notably, this vulnerability lacked execution privileges and user interaction. It received a High severity classification and is recognized as CVE-2023-21265.

Framework Vulnerabilities

The Framework section revealed several high-severity vulnerabilities, including a critical RCE vulnerability (CVE-2023-21287). Other high-severity concerns encompassed EoP, ID, and Denial of Service (DoS).

Media Framework and System Vulnerabilities

Both the Media Framework and System sections were home to a critical severity vulnerability each, both related to remote code execution (CVE-2023-21282 and CVE-2023-21273, respectively).

Kernel and Processor-based Vulnerabilities

A critical Elevation of Privilege vulnerability was identified in the Kernel’s KVM subcomponent, requiring no user interaction (CVE-2023-21264). Among processor-based vulnerabilities, Qualcomm’s closed-source components exhibited a critical vulnerability, while Arm’s Mali and MediaTek’s keyinstall subcomponents displayed high-severity vulnerabilities (CVE-2022-40510, CVE-2023-20780, and CVE-2022-34830, respectively).

TheCISO

Website | + posts

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Android Updates Patching Over 40 Vulnerabilities

Identified Vulnerabilities

Vulnerability Categories and Areas

Android Runtime Vulnerability

Framework Vulnerabilities

Media Framework and System Vulnerabilities

Kernel and Processor-based Vulnerabilities

TheCISO

Also Read

Five Penetration Testing Frameworks and Methodologies

Defense in Depth – The Layered Approach to Cybersecurity

How to Become a Cybersecurity Expert

How to be Anonymous Online

A List of Tools to Help you Detect the Log4j Vulnerability

Cybersecurity Analyst Interview Questions

The Internet of Medical Things and Cybersecurity Risk

Find Information About a Person on Instagram with OSINTgram

NIST Publications on Penetration Testing

Penetration Testing: Pre-Engagement Interactions

Menu

Popular Categories