Google has released a patch that fixes three major Android vulnerabilities, including one allegedly exploited in the wild.
Given that the vulnerabilities affect some of the latest versions of the famous mobile operating system, companies are advised to patch endpoints as soon as possible.
Listing details in his April 2023 Android Security Bulletin (opens in a new tab)Google said the vulnerabilities are tracked as CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181.
This applies to multiple versions
The first and second are vulnerabilities in Android that allow remote code execution. Researchers say they can be exploited by phishing. The third is a vulnerability in the Arm Mali GPU kernel driver, and apparently this is the one that has been used by hackers since late last year. Described as a use-after-free vulnerability, it allowed cybercriminals to escalate privileges on targeted endpoints via malicious applications.
Google did not discuss who used the flaws, against whom, and for what purposes.
These flaws affect Android 11, Android 12, Android 12L, and Android 13, and Google advises users to apply the fix immediately. This can be done by going to the Settings menu and scrolling down to the About phone section. There you can find a menu item that checks for available software updates.
Unlike Apple’s iOS, Google’s mobile ecosystem is decentralized, which means different manufacturers may need more or less time to release a patch. If there is no patch available for your device, you can probably expect one in the coming days and weeks.
Also, it won’t hurt to buy an Android antivirus app as the best ones do a decent job of protecting mobile devices from malware and similar vulnerabilities. Also, make sure that Google Play Protect is turned on as it is the default Android antivirus app and usually comes pre-installed.
- Keep your business secure with the best firewall for small businesses
By: Tom’s guide (opens in a new tab)