In its latest round of security upgrades for October, Google has taken action to address a total of 53 vulnerabilities, with two of them currently under active exploitation by cyber threats. Google’s security alert suggests that these two vulnerabilities are being targeted in a focused and limited manner.
If your Android device is running patch level 2023-10-06 or later, you can rest assured that the following two issues have already been resolved. These critical updates are available for Android versions 11, 12, 12L, and 13. However, it’s important to note that while Android partners are notified about these issues at least a month before their public disclosure, the availability of fixes may vary across different device manufacturers.
[FREE E-BOOK] The Definite Blueprint for Cybersecurity in Manufacturing
These two vulnerabilities currently being actively exploited have already been included in the Cybersecurity & Infrastructure Security Agency’s (CISA) list of known vulnerabilities. Hence, Federal Civilian Executive Branch (FCEB) agencies are required to address these vulnerabilities before specific deadlines. CVE-2023-4863 was due for resolution on October 4, 2023, while CVE-2023-4211 needed to be fixed by October 24, 2023.
To check if your device is secure, navigate to the Settings app, where you can easily find the Android version number, security update level, and Google Play system level. You will receive notifications when updates are available, but you can also manually check for updates.
For most phones, the process is quite standard. Although there might be minor variations based on your device’s brand, type, and Android version, you can typically tap on “Software updates” under “About phone” or “About device” to see if any new updates are available for your device.
The Common Vulnerabilities and Exposures (CVE) database is a repository of publicly acknowledged security issues in computer systems. Among these CVEs, there are instances of active exploitation, including:
CVE-2023-4863: This CVE represents a heap buffer overflow within the libwebp library, affecting numerous programs that utilize it for encoding and decoding images in the WebP format. It allows a remote attacker to execute an out-of-bounds memory write by using a specially crafted HTML page.
If your phone is at the patch level 2023-10-05, you can be assured that this vulnerability has been addressed and fixed.
However, the same cannot be said for CVE-2023-4211. To secure your device from this vulnerability, it’s essential to be on patch level 2023-10-06.
CVE-2023-4211 reveals that a local non-privileged user may gain access to previously released memory through erroneous GPU memory processing operations. This vulnerability affects a wide range of Android device types, including popular brands like Google, Samsung, Huawei, Xiaomi, and some Linux devices. The vulnerability lies in the Arm Mali GPU drivers, found in various versions. A GPU is a specialized processor primarily used for graphics-related operations such as image and video rendering, as well as resource-intensive computations like AI training and cryptocurrency mining.
For each update wave, Google typically employs two separate patch levels. This allows Android partners to swiftly address a subset of vulnerabilities common to all Android devices. The number of vulnerabilities addressed increases with the patch level. In this update cycle, the notable distinction between patch levels 2023-10-05 and 2023-10-06 is the significant patch for CVE-2023-4211.
Qualcomm, the chipmaker, mentioned in its October security alert that both Google Threat Analysis Group and Google Project Zero had identified evidence suggesting potential limited, targeted exploitation for CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063. However, it remains uncertain when the security updates from relevant vendors will include patches for these vulnerabilities.
Let’s hope that these updates will soon be available for our devices.
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.