
Google fixes four major vulnerabilities in Android

Google has fixed quite a few vulnerabilities with the July 2023 Android security update. Four of these vulnerabilities have been classified as critical.

In total, Google fixed 46 vulnerabilities in the latest security update. Four are classified as critical to very critical because they are likely already being exploited. These are fixes for vulnerabilities CVE-2023-26083, CVE-2021-29256, CVE-2023-2136 and CVE-2023-21250.

The first vulnerability, CVE-2023-26083, is a memory leak in the ARM Mali GPU driver for Bifrost, Avalon and Valhall processors. It was used, among other things, in an exploit chain that delivered spyware to Samsung devices running Android in December 2022.

The second resolved critical vulnerability, CVE-2021-29256, is a very critical flaw. It allows an unprivileged user to disclose data and escalate privileges to root. This vulnerability also affects specific versions of the Bifrost and Midgard ARM Mali GPU kernel drivers.

Other fixes

The third resolved vulnerability, CVE-2023-2136, is also a very important one according to Google. This is an integer overflow bug in Skia. Skia is the tech giant’s open-source multi-platform 2D graphics library. This bug was previously fixed in Chrome.

Finally, Google indicates that the very important vulnerability CVE-2023-21250 in Android has received a fix. This vulnerability is in the Android System component and impacts Android 11, 12 and 13, allowing hackers to perform remote code execution without user interaction or additional execution privileges.

All security updates target Android 11, 12 and 13, though these updates may affect older Android versions that are no longer supported.
