Google has released a patch that fixes three high-severity Android vulnerabilities, including one that is allegedly being exploited in the wild.
Given that the flaws affect some of the newest versions of the famed mobile operating system, businesses are advised to patch their endpoints as soon as possible.
Listing the details in its April 2023 Android security bulletin, Google said the flaws are being tracked as CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181.
Multiple versions affected
The first and second one are an Android System vulnerability that allow for remote code execution. They could be exploited via phishing, researchers are saying. The third one is a flaw in the Arm Mali GPU kernel driver, and apparently, this is the one that’s been in use by hackers since late last year. Described as a use-after-free vulnerability, it allowed threat actors to escalate privileges on target endpoints via malicious apps.
Google did not discuss who used the flaws, against whom, and to what goals.
Android 11, Android 12, Android 12L, and Android 13 are all affected by these flaws, and Google advises users to apply the fix immediately. That can be done by navigating to the Settings menu and scrolling down to the About Phone section. There, one can find a menu item that checks for the available software updates.
Unlike Apple’s iOS, Google’s mobile ecosystem is decentralized, meaning that different manufacturers might take more, or less time, to release the patch. If there’s no patch available for your device, you can probably expect one in the coming days and weeks.
Also, getting an Android antivirus app can’t hurt, as the best ones do a decent job of protecting mobile devices from malware and similar vulnerabilities. Also make sure Google Play Protect is enabled, as that’s Android’s default Android antivirus app and usually comes pre-installed.
- Keep your business safe with the best firewall for small business
Via: Tom's Guide