Google releases security update for Android, fixing critical vulnerabilities
Google has released the monthly security update for Android which includes fixes for 56 vulnerabilities, five of which have a critical rating. One of the vulnerabilities, CVE-2022-22706, was operated at least as early as last December and has a seriousness rating of 7.8 out of 10. The vulnerability is a serious error in the driver of the graphic nucleus MALI that could be used in a spy campaign aimed at Samsung phones.
The June 5, 2023 update includes a correction for the vulnerability in the driver of the graphic nucleus MALI. Google’s Threat Analysis Group has warned that the issue could be used in a targeted and purposeful manner. CISA also emphasized the active use of CVE-2022-22706 in recommendations issued in late March.
According to ARM, the issue affects the following versions of the nuclear drivers: Midgard GPU nucleus driver (all versions from R26P0 to R31P0), the DRIVER of the bifrost graphics processor core (all versions from R0P0 – R35P0), and NURALL DRIVER VALLLL GPU (all versions from R19P0 to R35P0). ARM has corrected the problem in the drivers of the nucleus bifrost and valhall gpu R36P0, and in the Midgard R32P0 nucleus driver.
The latest update has fixed the issue for stable versions of Android. Samsung, however, was quick to act and eliminated the vulnerability a little earlier, in the update of their devices from May 2023. The company’s swift actions are likely due to the fact that their users became the target of a spy campaign.
The update also includes fixes for other vulnerabilities of critical seriousness, such as remote code execution vulnerabilities in the Android system. These vulnerabilities impact Android 11, 12, and 13. Additionally, CVE-2022-33257 and CVE-2022-40529 are critical vulnerabilities of an indefinite type which affect components of Qualcomm with a closed source.