PSA: #Android
Google has patched 53 vulnerabilities in its Android October security updates, two of which are known to be actively exploited. Google's security bulletin notes that there are indications that these two vulnerabilities may be under limited, targeted exploitation.
https://source.android.com/docs/security/bulletin/2023-10-01
Update your Android devices now! If you haven't already got the OTA update, do a manual check - I had to manually check mine yesterday for the update to show.
CVE-2023-4863 was due on October 4, 2023 and CVE-2023-4211 has to be patched by October 24, 2023.
The Cybersecurity & Infrastructure Security Agency (CISA) has already added these two actively exploited vulnerabilities to its catalog of known exploited vulnerabilities:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
CVE-2023-4863: a heap buffer overflow in libwebp, which affects many applications that use this library to encode and decode images in the WebP format. It allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.
This vulnerability impacts many applications; Malwarebytes has discussed it at length in an article explaining how it was used to install spyware.
including on phones developed by Google, Samsung, Huawei, and Xiaomi, as well as in some Linux devices
A GPU is a specific type of chip mostly used for graphics-related tasks, such as rendering images and videos, but also for resource-heavy calculations, such as training artificial intelligence.
The higher the patch level number, the more vulnerabilities will be fixed. In this round, the only difference between patch levels 2023-10-05 and 2023-10-06 is the important patch for CVE-2023-4211.
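
To make the patch-level comparison above concrete, here is an added example (not part of the original post) that sorts reported patch levels into those at or above 2023-10-06, those on an October level below it, and those older. The function names, the status labels and the device inventory are constructed for illustration, and treating 2023-10-01 as the first October level is an assumption taken from the bulletin URL.

```shell
#!/bin/sh
# Added example: triage Android security patch levels for the October 2023 round.
# On a real device the level is read with:
#   adb shell getprop ro.build.version.security_patch
FULL_LEVEL="2023-10-06"   # level the post names as carrying the CVE-2023-4211 patch
BASE_LEVEL="2023-10-01"   # assumed first October level, taken from the bulletin URL

# Turn YYYY-MM-DD into the integer YYYYMMDD; fail on any other shape.
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s\n' "$1" | tr -d '-' ;;
        *) return 1 ;;
    esac
}

# Print one of: current, partial, outdated, invalid (labels are hypothetical).
patch_status() {
    lvl=$(level_to_int "$1") || { echo invalid; return 0; }
    if [ "$lvl" -ge "$(level_to_int "$FULL_LEVEL")" ]; then
        echo current      # at or above 2023-10-06
    elif [ "$lvl" -ge "$(level_to_int "$BASE_LEVEL")" ]; then
        echo partial      # October level, but below 2023-10-06
    else
        echo outdated     # older than the October 2023 levels
    fi
}

# Read "<device-name> <patch-level>" lines and append a status to each.
triage_inventory() {
    while read -r name level; do
        [ -n "$name" ] || continue
        printf '%s %s %s\n' "$name" "${level:-missing}" "$(patch_status "$level")"
    done
}

# Constructed sample inventory; replace with real device data.
sample_report() {
    triage_inventory <<'EOF'
pixel-7 2023-10-06
galaxy-a52 2023-10-01
tablet-old 2023-08-05
kiosk-3 unknown
EOF
}

sample_report
```

Devices reported as `partial` have an October update installed but sit below the 2023-10-06 level, so they still need the CVE-2023-4211 patch.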