Google has released the October 2023 Android security updates, fixing 54 unique vulnerabilities, including two that are known to be actively exploited by attackers.
CVE-2023-4863 and CVE-2023-4211 are the two vulnerabilities for which Google has reason to believe that they “may be subjected to limited purposeful use.”
CVE-2023-4863 is a buffer overflow vulnerability in the widely used open-source library libwebp, which affects numerous software products, including Chrome, Firefox, iOS, Microsoft Teams and many others.
This vulnerability was originally assigned separate CVE identifiers for Apple iOS and Google Chrome, although the bug was actually located in the underlying library.
CVE-2023-4211 is an actively exploited vulnerability that affects several versions of the ARM Mali graphics processors used in a wide range of Android devices.
This security flaw is a use-after-free vulnerability that can allow attackers to gain local access to confidential data or manipulate it.
Overall, the October security update brings the following fixes:
Category | Number of fixes |
---|---|
Android platform | 13 |
System components | 12 |
Google Play | 2 |
ARM components | 5 |
MediaTek chips | 3 |
Unisoc chips | 1 |
Qualcomm components |