June 2023 Android security updates: fix critical vulnerability CVE-2022-22706

Google has released the Android Security Bulletin for June 2023, which contains fixes for 56 vulnerabilities found in its operating system, across all its versions 11 to 13. Among the 56 vulnerabilities, 5 were classified as critical. Exploiting vulnerabilities can lead to attacks of various nature, such as Denial of Service, Information Disclosure, Privilege Escalation and Remote Code Execution. However, the most severe vulnerability identified is known as CVE-2022-22706, present in the Mali GPU, which appears to have been exploited as a zero-day since at least December 2022 for targeted attacks.

Vulnerability CVE-2022-22706

The most severe vulnerability in this version of the Android Security Bulletin has been assigned CVE-2022-22706 and has a high severity rating. The vulnerability affects Arm's Mali GPU kernel driver and has a score of 7.8 out of 10. If exploited, it could allow unprivileged users write access to read-only memory pages. According to Google's Threat Analysis Group, the vulnerability was allegedly used to target Samsung smartphones with a limited and targeted spyware campaign. Arm fixed the issue in Bifrost and Valhall GPU Kernel Driver r36p0 and Midgard Kernel Driver r32p0 release, while the fix has been adopted in the stable Android release only now. Samsung fixed the security issue with the May 2023 update for its devices.

Android OS update

As always, the Android Security Bulletin of June 2023 has been divided into two cumulative packages of updates cataloged, respectively, as 2023-06-01 security patch level, covering the main components of the operating system, and 2023-06-05 security patch level, which addressed and fixed security issues identified in components from closed-source vendors. Since the CVE-2022-22706 vulnerability fix has been integrated into the most recent update, users who adopted the March or before May update for their Samsung devices should ensure that they download and install the new update for their device. It is important for users to take this approach to keep their devices protected from any security threats. In any case, users should always follow the correct procedures to update the Android operating system of their devices, such as regularly checking for new updates, especially security ones, and downloading them promptly. Furthermore, given that the vulnerabilities can also be exploited through web browsing or opening messages, users should use safe browsing and activate the security features offered by their browser, such as the ad blocking system , which sometimes include examples of malicious software that can infect your device. Users can also consider installing a mobile security software to increase the security of their Android device.

Periodic prevention activities

Despite numerous efforts to improve the security level of Android, the operating system continues to be targeted by hackers and hence, it is important for users to keep their devices protected with the latest updates and security procedures. Users should also consider limiting the installation of unofficial apps on Android devices, as these apps may contain vulnerabilities or malware that can harm the user's device. Ultimately, mobile security is a concern that cannot be ignored and requires the constant attention and effort of users and software developers.