PSA: #Android
Google has patched 53 vulnerabilities in its Android October security updates, two of which are known to be actively exploited. Google's security bulletin notes that there are indications that these two vulnerabilities may be under limited, targeted exploitation.
https://source.android.com/docs/security/bulletin/2023-10-01
Update your Android devices now! If you haven't already got the OTA update, do a manual check - I had to manually check mine yesterday for the update to show.
CVE-2023-4863 was due on October 4, 2023 and CVE-2023-4211 has to be patched by October 24, 2023.
The Cybersecurity & Infrastructure Security Agency (CISA) has already added these two actively exploited vulnerabilities to its catalog of known to be exploited vulnerabilities.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
CVE-2023-4863: a heap buffer overflow in libwebp, which affects many applications that use this library to encode and decode images in the WebP format, allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.
This is a vulnerability that impacts many applications, which Malwarebytes have discussed at length in an article explaining how it was used to install spyware.
@NorthernInvader a Google phone??
Pixel phones will always get updates before others.
Mine is only at patch level 2023-10-05.