CarderPlanet
Outdated smartphones "in flight". So how do you protect your device?
Google has released Android security updates for October 2023 that address 54 unique vulnerabilities, including two known to be actively exploited by attackers.
CVE-2023-4863 and CVE-2023-4211 are the two vulnerabilities that Google has reason to believe "may be subject to limited targeted use."
CVE-2023-4863 is a buffer overflow vulnerability in the ubiquitous open source library libwebp that affects numerous software products, including Chrome, Firefox, iOS, Microsoft Teams, and many others.
This vulnerability was initially assigned separate CVE IDs for Apple iOS and Google Chrome, although in fact the error was hidden in the base library.
CVE-2023-4211 is an actively exploited vulnerability that affects several versions of ARM's Mali GPU drivers used in a wide range of Android device models.
This security flaw is a Use-After-Free vulnerability that can allow attackers to access or manipulate sensitive data locally.
Overall, the October security update brings the following fixes:
- 13 fixes for the Android platform;
- 12 fixes in system components;
- 2 updates on Google Play;
- 5 fixes in ARM components;
- 3 fixes for MediaTek chips;
- 1 fix regarding Unisoc chips;
- 18 Qualcomm component fixes.
Of the 54 fixes related to Android 11-13, five are rated as critical, and two more relate to problems with remote code execution.
This update follows the standard release system of two patch levels: the first (2023-10-01) addresses the core components of Android (framework + system), while the second (2023-10-06) addresses the core and closed-source components.
This approach allows device manufacturers to selectively apply updates that match their hardware models, thereby deploying them faster to supported devices.
Recipients of the first level of fixes will receive updates to the current month's Android kernel, as well as updates to both levels of the previous month, in this case September 2023. In turn, recipients of the second level of the update will receive all the updates mentioned in this month's bulletin.
Android 10 and earlier versions are no longer officially supported and will not receive security updates. Users of older versions are advised to either upgrade to a more modern device, or flash their current smartphone with a third-party distribution based on the latest version of Android, which offers the latest security updates, although the second option can often lead to unstable operation of the system.
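
The two-level scheme described above can be checked on a device. The following is an added example, not part of the original post: it classifies an Android release and security patch level against the two October dates as given in the post. The function names and status labels are hypothetical, and `check_device` assumes `adb` is installed and a device is connected.

```shell
#!/bin/sh
# Added example. Patch-level dates are the ones stated in the post;
# confirm them against the bulletin and override via environment if needed.
FIRST_LEVEL="${FIRST_LEVEL:-2023-10-01}"    # framework + system (per the post)
SECOND_LEVEL="${SECOND_LEVEL:-2023-10-06}"  # adds core and closed-source components (per the post)

# Convert YYYY-MM-DD to the integer YYYYMMDD; fail on any other format.
to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s' "$1" | tr -d '-' ;;
        *) return 1 ;;
    esac
}

# classify_patch_level <android release> <security patch level>
# Prints one status label (hypothetical names) for the device.
classify_patch_level() {
    major=${1%%.*}                       # "8.1.0" -> "8"
    case "$major" in
        ''|*[!0-9]*) echo "unknown-release"; return 1 ;;
    esac
    # Android 10 and earlier no longer receive security updates.
    if [ "$major" -le 10 ]; then echo "unsupported"; return 0; fi
    p=$(to_int "$2") || { echo "unknown-patch-level"; return 1; }
    if [ "$p" -lt "$(to_int "$FIRST_LEVEL")" ]; then
        echo "missing-october-fixes"     # older than both October levels
    elif [ "$p" -lt "$(to_int "$SECOND_LEVEL")" ]; then
        echo "first-level-only"          # framework + system fixes only
    else
        echo "second-level"              # all fixes listed for the month
    fi
}

# Read both properties from a connected device over adb and classify it.
check_device() {
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    echo "Android $rel, patch level $patch: $(classify_patch_level "$rel" "$patch")"
}

# Query a real device only when explicitly asked to.
if [ "${1:-}" = "--device" ]; then check_device; fi
```

Run with `--device` to query the connected phone; a result of `first-level-only` means fixes in vendor components such as the GPU driver may still be missing.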