Google’s latest Android security update fixes some worrying flaws

Three Android security flaws were addressed

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Googlehas released a patch that fixes three high-severity Android vulnerabilities, including one that is allegedly being exploited in the wild.

Given that the flaws affect some of the newest versions of the famed mobileoperating system, businesses are advised to patch theirendpointsas soon as possible.

Listing the details in itsApril 2023 Android security bulletin, Google said the flaws are being tracked as CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181.

Multiple versions affected

The first and second one are an Android System vulnerability that allow for remote code execution. They could be exploited via phishing, researchers are saying. The third one is a flaw in theArmMali GPU kernel driver, and apparently, this is the one that’s been in use by hackers since late last year. Described as a use-after-free vulnerability, it allowed threat actors to escalate privileges on target endpoints viamalicious apps.

Google did not discuss who used the flaws, against whom, and to what goals.

Android 11, Android 12, Android 12L, and Android 13 are all affected by these flaws, and Google advises users to apply the fix immediately. That can be done by navigating to the Settings menu and scrolling down to the About Phone section. There, one can find a menu item that checks for the available software updates.

Several zero day vulnerabilities are plaguing Android devices with Samsung chips, warns Google>Google warns millions of Android devices could be at risk of attack due to this flaw>Here are the best ID theft protection solutions today

UnlikeApple’s iOS, Google’s mobile ecosystem is decentralized, meaning that different manufacturers might take more, or less time, to release the patch. If there’s no patch available for your device, you can probably expect one in the coming days and weeks.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Also, getting an Android antivirus app can’t hurt, as the best ones do a decent job of protecting mobile devices from malware and similar vulnerabilities. Also make sureGoogle PlayProtect is enabled, as that’s Android’s default Android antivirus app and usually comes pre-installed.

Via:Tom’s Guide

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)