Google and other Android device manufacturers have released their monthly bundled security updates.
Attackers can target Android in several ways, crippling devices with denial-of-service (DoS) attacks or even executing malicious code. Some manufacturers have now released important security patches for certain smartphones and tablets.
In one post, Google explicitly warns about a "critical" system vulnerability (CVE-2023-21273). According to Google, Android 11, 12, 12L and 13 are affected. Attackers are said not to need any additional execution privileges for an attack. Details of how attacks might work are currently unknown. Other vulnerabilities in the system allow attackers to access information without authorization and gain elevated user rights.
A "critical" vulnerability (CVE-2023-21282) affects the Media Framework and could likewise allow malicious code onto devices. Attacks are said to be possible remotely. In the framework, the developers have closed 17 vulnerabilities, all of which are rated as a "high" threat.
The kernel is also affected by a "critical" vulnerability (CVE-2023-21264). Here, attackers can target the KVM subcomponent to gain elevated user privileges. Arm, MediaTek and Qualcomm have closed vulnerabilities in other subcomponents that affect them, such as Mali.
Owners of a supported Android device should make sure that patch level 2023-08-01 or 2023-08-05 is installed. Besides Google, other manufacturers such as LG and Samsung provide monthly security updates for download for some models (see box).
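The patch-level check described above can be scripted for more than one device. The following is an added example, not part of the original article: the function names, device serials and inventory are constructed, and it assumes the usual bulletin convention that the later level (2023-08-05) includes every fix of the earlier one.

```shell
#!/bin/sh
# Classify Android security patch levels (YYYY-MM-DD) against the two
# levels named for the August 2023 updates. Added example; names are
# hypothetical and the inventory below is constructed.
BASE_LEVEL="2023-08-01"   # earlier of the two levels
FULL_LEVEL="2023-08-05"   # later level, assumed to include the earlier one

classify_patch_level() {
    level=$1
    # Reject anything that is not a plain YYYY-MM-DD date.
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "invalid"; return 0 ;;
    esac
    # Drop the dashes so the dates compare as integers.
    n=$(printf '%s' "$level" | tr -d '-')
    base=$(printf '%s' "$BASE_LEVEL" | tr -d '-')
    full=$(printf '%s' "$FULL_LEVEL" | tr -d '-')
    if [ "$n" -ge "$full" ]; then
        echo "full"        # at or beyond the later level
    elif [ "$n" -ge "$base" ]; then
        echo "partial"     # earlier level only
    else
        echo "outdated"    # August 2023 fixes missing
    fi
}

# Constructed inventory, one "<serial> <patch level>" pair per line.
# On a connected device the level can be read with:
#   adb shell getprop ro.build.version.security_patch
SAMPLE_INVENTORY='emulator-5554 2023-08-05
R58N000AAA 2023-08-01
0A1B2C3D 2023-07-05
ZY22000BBB unknown'

audit_inventory() {
    printf '%s\n' "$1" | while read -r serial level; do
        printf '%s %s\n' "$serial" "$(classify_patch_level "$level")"
    done
}

audit_inventory "$SAMPLE_INVENTORY"
```

Devices reported as "outdated" or "invalid" are the ones to follow up on; "invalid" covers builds that report no parseable patch level.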
Another article reveals that Google's Pixel series has received additional security updates. For example, the WLAN component has been secured. Google rates the threat posed by these vulnerabilities as "moderate".