News Pulse India

Google Fixes 3 of Android’s Most Actively Exploited Bugs: Complete Information

<p>The monthly security upgrades from Google for the Android operating system include solutions for three actively exploited issues as well as 46 vulnerabilities.</p>
<p>According to Android Security Bulletin, “There are indications that the following (vulnerabilities) — CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136 — may be under limited, targeted exploitation.”</p>
<p>A December 2022 attack chain that delivered malware to Samsung devices used CVE-2023-26083, a medium-severity memory leak issue in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall processors, according to BleepingComputer.<img decoding=”async” class=”alignnone wp-image-61779″ src=”×422.jpg” alt=”” width=”1560″ height=”878″ srcset=”×422.jpg 750w,×432.jpg 768w,×220.jpg 390w,×84.jpg 150w, 800w” sizes=”(max-width: 1560px) 100vw, 1560px” /></p>
<p>Specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers are vulnerable to CVE-2021-29256, a significant (CVSS v3.1: 8.8) vulnerability that allows for the exposure of unprivileged information and the elevation of root power.</p>
<p>As an integer overflow flaw in Skia, Google’s open-source, cross-platform 2D graphics library, which is also used in Chrome, the third vulnerability, CVE-2023-2136, is critical-severity and has a score of 9.6 out of 10. It was resolved in April, according to the study.</p>
<p>The most significant security flaw that Google repaired this month, according to the report, is CVE-2023-21250, a major vulnerability in the System component of Android that affects versions 11, 12, and 13.</p>
<p>This month’s Android security update covers Android versions 11, 12, and 13, although depending on the severity of the vulnerabilities fixed, it may also impact earlier, unsupported OS versions.</p>
<p>Google released a security update for the Chrome web browser last month to fix the third zero-day vulnerability that hackers have exploited this year.</p>
<p>Google acknowledged the existence of a CVE-2023-3079 vulnerability in the wild in a blog post.</p>
<p> </p>
<p> </p>

Related posts

UPI transaction timer Value of Rs 17.4 trillion for November shows a 1.4 percent increase


Children and people with dark complexion are harder to see by driverless automobiles, according to a study


Apple’s 2023 Product Launch: MacBook Air, Vision Pro, and USB-C iPhones