**⇄ Σ = Mᄃ² ⇆** @[email protected] · Oct 09, 2023, 07:51

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Oct 09, 2023, 07:51

⇄ Σ = Mᄃ² ⇆ @[email protected]

Oct 09, 2023, 07:51

Google has patched 53 vulnerabilities in its Android October security updates, two of which are known to be actively exploited. Google's security bulletin notes that there are indications that these two vulnerabilities may be under limited, targeted exploitation.

https://source.android.com/docs/security/bulletin/2023-10-01

Update your Android devices now! if you haven't already got the OTA update do a manual check - i had to manually check mine yesterday for the update to show

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Oct 09, 2023, 07:54

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Oct 09, 2023, 07:54

Oct 09, 2023, 07:54

⇄ Σ = Mᄃ² ⇆ @[email protected]

CVE-2023-4863 was due on October 4, 2023 and CVE-2023-4211 has to be patched by October 24, 2023.

#CoSoSec

The Cybersecurity & Infrastructure Security Agency (CISA) has already added these two actively exploited vulnerabilities to its catalog of known to be exploited vulnerabilities

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Oct 09, 2023, 07:57

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Oct 09, 2023, 07:57

Oct 09, 2023, 07:57

⇄ Σ = Mᄃ² ⇆ @[email protected]

CVE-2023-4863: a heap buffer overflow in libwebp which affects many applications that use this library to encode and decode images in the WebP format, allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

This is a vulnerability that impacts many applications, which malwarebytes have discussed at length in an article explaining how it was used to install spyware.

https://www.malwarebytes.com/blog/news/2023/09/pegasus-spyware-and-how-it-exploited-a-webp-vulnerability

**⇄ Σ = Mᄃ² ⇆** @[email protected] · 2023-10-09T08:00:27Z

⇄ Σ = Mᄃ² ⇆ @[email protected]

That vulnerability is patched if your phone is at patch level 2023-10-05.

But the next one isn’t. Your phone needs to be at patch level 2023-10-06 for that.

CVE-2023-4211: a local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory

this vulnerability affects multiple versions of Arm Mali GPU drivers which are used in a broad range of Android device models

Oct 09, 2023, 08:00 · 2· 0· 1

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Oct 09, 2023, 08:02

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Oct 09, 2023, 08:02

Oct 09, 2023, 08:02

⇄ Σ = Mᄃ² ⇆ @[email protected]

including on phones developed by Google, Samsung, Huawei, and Xiaomi, as well as in some Linux devices

A GPU is a specific type of chip mostly used for graphics-related tasks, such as rendering images and videos, but also for resource-heavy calculations, such as training artificial intelligence

The higher the patch level number, the more vulnerabilities will be fixed. In this round the only difference between patch levels 2023-10-05 and 2023-10-06 is the important patch for CVE-2023-4211