The June 2023 Android Security Bulletin provides details about fixes for more than fifty vulnerabilities affecting Android devices.
Security updates released this month also addressed a vulnerability, tracked as CVE-2022-22706, that affects the Arm Mali GPU. The flaw made headlines because it was exploited by surveillance firms for their spyware.
CVE-2022-22706 is a vulnerability in the Mali GPU Kernel Driver that was fixed by ARM in January 2022 and marked as being used in the wild. At the time of delivery, the latest Samsung firmware had not included a fix for this vulnerability. This vulnerability grants the attacker system access.
In March, Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. The experts pointed out that both campaigns were limited and highly targeted. The threat actors behind the campaigns used both zero-day and n-day exploits in their attacks.
The exploit chains were used to install commercial spyware and malicious apps on targets’ devices. The CVE-2022-22706 vulnerability was exploited as part of these exploit chains.
In early April, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including the above issue.
The June 2023 Android update includes vulnerability details for the 2023-06-01 security patch level and for the 2023-06-05 security patch level.
As usual, the June 2023 Android update is split into two. The first part, which arrives on devices as the 2023-06-01 security patch level, resolves 10 vulnerabilities in the Framework component and 13 bugs in the System component.
Three of these issues are critical-severity remote code execution (RCE) flaws. They are tracked as CVE-2023-21127, CVE-2023-21108, and CVE-2023-21130.
The most severe of these vulnerabilities addressed by Google is a critical security issue that resides in the System component. An attacker can exploit the flaw to achieve remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. The experts pointed out that the issue doesn’t require user interaction for exploitation.
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation,” reads the advisory.
(SecurityAffairs – hacking, surveillance, spyware)