This month’s Android security updates patched a high-severity vulnerability that allowed attackers to install commercial spyware on Android devices.
Hackers exploited the security flaw (CVE-2023-0266) as a zero-day in a spyware campaign. This campaign targeted Samsung Android phones as part of a complex chain of multiple zero-days and n-days.
The exploit chain also included a zero-day (CVE-2022-4262) in the Chrome web browser and a Chrome sandbox escape. In addition, there were vulnerabilities in the Mali GPU Kernel Driver and the Linux Kernel.
What Google TAG says about it
The Android security team has warned that the CVE-2023-0266 vulnerability may be under limited, targeted exploitation. Google TAG had linked the attacks to the Spanish spyware vendor Variston. This vendor is known for its Heliconia exploit framework that targets the Windows platform.
The vulnerability is a weakness in the Linux Kernel subsystem that could result in privilege escalation without requiring user interaction.
According to the Google TAG report, attackers deployed a spyware suite on compromised devices that could decrypt and extract data from chat and browser apps.
The Android security team wants users to update ASAP
In response to the threat, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-0266 to the Known Exploited Vulnerabilities list a day after the published Google TAG report.
Federal Civilian Executive Branch Agencies (FCEB) were given until April 20 to secure all vulnerable Android devices against attacks that could target the bug. This month’s Android security updates also address dozens of other high-severity privilege escalation issues in the OS and various components.
On top of that, the Android security team published the May Pixel Update Bulletin on Monday, which addresses flaws in supported Pixel devices and Qualcomm components. Android users must update their devices as soon as possible to protect against potential attacks.
Also read: This is how to keep mobile devices safe in the workplace
5 hours ago
