October 2023 security updates for Android: fixed two exploited vulnerability issues
Security risks for Android users: exploited vulnerabilities and spread of spyware on iPhone
Google has released the October 2023 security updates for Android, fixing 51 vulnerabilities, including 2 zero-days exploited in malicious attacks. These issues were reported by Apple and Citizen Lab and were used to spread spyware on iPhones. Additionally, a bug in the Arm Mali GPU driver that allowed unauthorized memory access has been fixed.
Google announced the release of the October 2023 security updates for Android, which address a total of 51 vulnerabilities, including 2 zero-day vulnerabilities exploited in malicious attacks.
The first exploited issue concerns CVE-2023-4863
The first exploited issue concerns CVE-2023-4863 (CVSS score of 8.8), a heap buffer overflow in the Libwebp library that can lead to an out-of-bounds memory write and remote code execution (RCE).
Attacks targeting iPhone detected
While not providing specific details about the ongoing attacks, Google said this issue was reported by Apple and the Citizen Lab group at the University of Toronto's Munk School, which is often linked to commercial spyware vendors. The vulnerability was exploited to spread spyware on iPhone.
A second zero-day problem solved
A second zero-day issue addressed this month concerns CVE-2023-4211, a bug in the Arm Mali GPU driver that allows an unprivileged local user to perform "improper operations on GPU memory processing to access already freed memory ". There was limited evidence of targeted exploitation of this vulnerability, suggesting the possible involvement of commercial spyware.
Follow us on WhatsApp for more pills like this10/03/2023 10:07
Editorial AI