Tuesday, May 28, 2024

Android Security Updates: 2023 – 37 Vulnerabilities Patched Including RCE, DOS

Android has fixed 37 vulnerabilities that were impacting its devices with the release of its November 2023 security updates. Most of the flaws included information disclosure, elevation of privilege, denial of service, and remote code execution.

These updates address major security flaws and offer important upgrades to safeguard user information security and Android devices’ overall functioning.

Vulnerability and Category

Android has examined every component and subcomponents to identify every possible vulnerability and apply the necessary patches. 

These vulnerabilities impacted the Framework, Media Framework, System, and components, including the kernel and processor-based components. 

Almost 15 vulnerabilities related to Android’s Framework and System components were fixed. One of the main vulnerabilities patched in this release is a ‘critical’ security issue in the System component that might expose local information without requiring additional execution privileges.

 “The most severe of these issues is critical security vulnerability in the System component that could lead to local information disclosure with no additional execution privileges needed,” Google said.

This critical flaw, identified as CVE-2023-40113, has been fixed together with six additional issues in the System component that impacts various Android versions.

The remaining 14 vulnerabilities are ‘high-severity’ vulnerabilities addressed in this update, which includes information disclosure, denial-of-service attacks, and privilege escalation. 

The November 2023 security update for Android also fixes 22 security flaws in components, including Qualcomm, MediaTek, and Arm.

The Arm component had one ‘High’ severity issue tracked as CVE-2023-28469. 

MediaTek components have six ‘High’ severity issues, which include CVE-2023-32832, CVE-2023-32834, CVE-2023-32835, CVE-2023-32836, CVE-2023-32837, and CVE-2023-20702.

Qualcomm components include fixes for four high-severity vulnerabilities: CVE-2023-33031, CVE-2023-33055, CVE-2023-33059, and CVE-2023-33074.

Qualcomm closed-source components include fixes four critical vulnerabilities: CVE-2023-21671, CVE-2023-22388, CVE-2023-28574 and CVE-2023-33045. The remaining seven vulnerabilities are classified as ‘high’ severity issues.

Google has also published kernel version updates for Android 11 to 13, ensuring the most recent security fixes are implemented in the underlying operating system.

For detailed information on the vulnerabilities and patches, refer to the security bulletin released by Android.

Patch Manager Plus: Automatically Patch over 850 third-party applications quickly – Try Free Trial.

Also Read:

Android Application Penetration Testing

Threat Actors Abuse Google Groups To Send Fake Order Notifications

Website

Latest articles

Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes.The...

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting...

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege...

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles