PSA:

Google has patched 53 vulnerabilities in its Android October security updates, two of which are known to be actively exploited. Google's security bulletin notes that there are indications that these two vulnerabilities may be under limited, targeted exploitation.

source.android.com/docs/securi

Update your Android devices now! if you haven't already got the OTA update do a manual check - i had to manually check mine yesterday for the update to show

CVE-2023-4863 was due on October 4, 2023 and CVE-2023-4211 has to be patched by October 24, 2023.

The Cybersecurity & Infrastructure Security Agency (CISA) has already added these two actively exploited vulnerabilities to its catalog of known to be exploited vulnerabilities

cisa.gov/known-exploited-vulne

CVE-2023-4863: a heap buffer overflow in libwebp which affects many applications that use this library to encode and decode images in the WebP format, allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

This is a vulnerability that impacts many applications, which malwarebytes have discussed at length in an article explaining how it was used to install spyware.

malwarebytes.com/blog/news/202

That vulnerability is patched if your phone is at patch level 2023-10-05.

But the next one isn’t. Your phone needs to be at patch level 2023-10-06 for that.

CVE-2023-4211: a local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory

this vulnerability affects multiple versions of Arm Mali GPU drivers which are used in a broad range of Android device models

Follow

including on phones developed by Google, Samsung, Huawei, and Xiaomi, as well as in some Linux devices

A GPU is a specific type of chip mostly used for graphics-related tasks, such as rendering images and videos, but also for resource-heavy calculations, such as training artificial intelligence

The higher the patch level number, the more vulnerabilities will be fixed. In this round the only difference between patch levels 2023-10-05 and 2023-10-06 is the important patch for CVE-2023-4211

Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.