Android: fixed 37 vulnerabilities with the november 2023 update
Improved mobile device defense with the integration of critical security fixes
Google has released security updates for Android, fixing 37 vulnerabilities. A flaw in the system allowed information disclosure, but was fixed along with other flaws.
Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.
Google has released security updates for Android that fix 37 vulnerabilities, including a critical information disclosure vulnerability. The update, delivered in a patch called 2023-11-01, focuses on 15 flaws in Android's Framework and System components, specifically addressing a critical vulnerability in the System component that could allow information disclosure without additional privileges.
Critical vulnerability details
The main vulnerability, identified as CVE-2023-40113, affects Android versions 11, 12, 12L and 13. It has been fixed along with six other issues in the System component classified as 'high severity'. An additional 14 vulnerabilities addressed by the patch are also considered high severity and could lead to privilege escalation, information disclosure, and denial of service.
Additional security patches for Android components
The second set of November 2023 updates, labeled security patch level 2023-11-05, addresses 22 flaws in components supplied by Arm, MediaTek, and Qualcomm. Devices running the 2023-10-05 security patch level already include fixes for all vulnerabilities mentioned in previous security bulletins, including the November 2023 update.
Security measures specific to Pixel devices and other platforms
This round of updates also includes fixes to eight vulnerabilities specific to Google's Pixel devices, with issues affecting the kernel, WLAN components, and Qualcomm components. For Pixel devices, a security patch level dated 2023-11-01 or later is sufficient to mitigate these risks. Google has not released specific updates for Wear OS and Automotive OS this month, as those platforms are protected by the patches already mentioned. At the moment, there are no reports that these vulnerabilities have been exploited in malicious attacks.Follow us on Google News for more pills like this