Google's latest Android security update fixes some worrying flaws

Google Android figure standing on laptop keyboard with code in background
(Image credit: Shutterstock / quietbits)

Google has released a patch that fixes three high-severity Android vulnerabilities, including one that is allegedly being exploited in the wild. 

Given that the flaws affect some of the newest versions of the famed mobile operating system, businesses are advised to patch their endpoints as soon as possible.

Listing the details in its April 2023 Android security bulletin, Google said the flaws are being tracked as CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181. 

Multiple versions affected

The first and second one are an Android System vulnerability that allow for remote code execution. They could be exploited via phishing, researchers are saying. The third one is a flaw in the Arm Mali GPU kernel driver, and apparently, this is the one that’s been in use by hackers since late last year. Described as a use-after-free vulnerability, it allowed threat actors to escalate privileges on target endpoints via malicious apps

Google did not discuss who used the flaws, against whom, and to what goals. 

Android 11, Android 12, Android 12L, and Android 13 are all affected by these flaws, and Google advises users to apply the fix immediately. That can be done by navigating to the Settings menu and scrolling down to the About Phone section. There, one can find a menu item that checks for the available software updates.

Unlike Apple’s iOS, Google’s mobile ecosystem is decentralized, meaning that different manufacturers might take more, or less time, to release the patch. If there’s no patch available for your device, you can probably expect one in the coming days and weeks.

Also, getting an Android antivirus app can’t hurt, as the best ones do a decent job of protecting mobile devices from malware and similar vulnerabilities. Also make sure Google Play Protect is enabled, as that’s Android’s default Android antivirus app and usually comes pre-installed.

  • Keep your business safe with the best firewall for small business

Via: Tom's Guide

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
MediaTek
MediaTek reveals host of security vulnerabilities, so patch now
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
A hacker wearing a hoodie sitting at a computer, his face hidden.
Microsoft patches three worrying security flaws in its latest critical update, so update now
Security
Broadcom releases fixes for multiple VMware security flaws
Apple's new "Share Item Location" feature for AirTags.
Apple security alert - zero-day patched, so update your devices now
Representational image of a cybercriminal
Microsoft just patched a host of worrying security issues, so update now
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Lenovo | Thinkpad T14s Gen 6 Snapdragon
Windows 11’s latest patch declares war on BIOS updates for some Lenovo laptops, blocking them as a security risk in a bizarre turn of events
Tomodachi Life: Living the Dream screenshot showing a Mii smelling some fresh flowers.
Tomodachi Life: Living the Dream is a sequel to my favorite 3DS game, and I think it's already packing the charm that inZOI lacks
Google Pixel Watch 3 side dial and button
Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes