Wednesday, May 28, 2025
HomeAndroidAndroid Security Updates: 2023 - 37 Vulnerabilities Patched Including RCE, DOS

Android Security Updates: 2023 – 37 Vulnerabilities Patched Including RCE, DOS

Published on

SIEM as a Service

Follow Us on Google News

Android has fixed 37 vulnerabilities that were impacting its devices with the release of its November 2023 security updates. Most of the flaws included information disclosure, elevation of privilege, denial of service, and remote code execution.

These updates address major security flaws and offer important upgrades to safeguard user information security and Android devices’ overall functioning.

Vulnerability and Category

Android has examined every component and subcomponents to identify every possible vulnerability and apply the necessary patches. 

- Advertisement - Google News

These vulnerabilities impacted the Framework, Media Framework, System, and components, including the kernel and processor-based components. 

Almost 15 vulnerabilities related to Android’s Framework and System components were fixed. One of the main vulnerabilities patched in this release is a ‘critical’ security issue in the System component that might expose local information without requiring additional execution privileges.

 “The most severe of these issues is critical security vulnerability in the System component that could lead to local information disclosure with no additional execution privileges needed,” Google said.

This critical flaw, identified as CVE-2023-40113, has been fixed together with six additional issues in the System component that impacts various Android versions.

The remaining 14 vulnerabilities are ‘high-severity’ vulnerabilities addressed in this update, which includes information disclosure, denial-of-service attacks, and privilege escalation. 

The November 2023 security update for Android also fixes 22 security flaws in components, including Qualcomm, MediaTek, and Arm.

The Arm component had one ‘High’ severity issue tracked as CVE-2023-28469. 

MediaTek components have six ‘High’ severity issues, which include CVE-2023-32832, CVE-2023-32834, CVE-2023-32835, CVE-2023-32836, CVE-2023-32837, and CVE-2023-20702.

Qualcomm components include fixes for four high-severity vulnerabilities: CVE-2023-33031, CVE-2023-33055, CVE-2023-33059, and CVE-2023-33074.

Qualcomm closed-source components include fixes four critical vulnerabilities: CVE-2023-21671, CVE-2023-22388, CVE-2023-28574 and CVE-2023-33045. The remaining seven vulnerabilities are classified as ‘high’ severity issues.

Google has also published kernel version updates for Android 11 to 13, ensuring the most recent security fixes are implemented in the underlying operating system.

For detailed information on the vulnerabilities and patches, refer to the security bulletin released by Android.

Patch Manager Plus: Automatically Patch over 850 third-party applications quickly – Try Free Trial.

Also Read:

Android Application Penetration Testing

Threat Actors Abuse Google Groups To Send Fake Order Notifications

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Zero-Interaction libvpx Flaw in Firefox Allows Attackers to Run Arbitrary Code

Mozilla has released Firefox 139, addressing several critical and moderate security vulnerabilities that posed...

Threat Actors Use Fake DocuSign Notifications to Steal Corporate Data

DocuSign has emerged as a cornerstone for over 1.6 million customers worldwide, including 95%...

Government Calls on Organizations to Adopt SIEM and SOAR Solutions

In a landmark initiative, international cybersecurity agencies have released a comprehensive series of publications...

WordPress TI WooCommerce Wishlist Plugin Flaw Puts Over 100,000 Websites at Risk of Cyberattack

A severe security flaw has been identified in the TI WooCommerce Wishlist plugin, a...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

WordPress TI WooCommerce Wishlist Plugin Flaw Puts Over 100,000 Websites at Risk of Cyberattack

A severe security flaw has been identified in the TI WooCommerce Wishlist plugin, a...

Hackers Exploit Craft CMS Vulnerability to Inject Cryptocurrency Miner Malware

Threat actors have exploited a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-32432,...

Mozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent Patches

At this year’s Pwn2Own Berlin, security researchers successfully demonstrated two new zero-day exploits against...