Google Rolls Out July Security Updates for Android, Addressing 46 Vulnerabilities

July 6, 2023

Google's recent security patches for Android tackle 46 vulnerabilities, with three suspected of being actively exploited. The company's security bulletin states, “There are indications that the following [vulnerabilities] may be under limited, targeted exploitation,” referencing CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136.

CVE-2023-26083, a medium-severity memory leak flaw in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips, was used in a spyware delivery chain targeting Samsung devices in December 2022. The flaw was sufficiently serious to warrant a CISA order requiring federal agencies to patch it in April 2023.

CVE-2021-29256, a high-severity (CVSS v3.1: 8.8) unprivileged information disclosure and root privilege escalation flaw, affects specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers.

CVE-2023-2136, a critical-severity integer overflow bug in Skia, Google’s open-source multi-platform 2D graphics library also used in Chrome, was fixed in April.

The most severe vulnerability patched this month is CVE-2023-21250, a critical vulnerability in Android’s System component affecting Android versions 11, 12, and 13. Google indicates that exploiting CVE-2023-21250 could result in remote code execution without user interaction or additional execution privileges, but it has not provided further details.

Google's update follows a two-patch level system, one for core Android components and a second for kernel and closed source components, allowing device manufacturers to selectively apply patches relevant to their hardware. The first patch level includes the current month’s framework updates and both levels of the previous month, in this case, June 2023. Users receiving the second patch level get all the previous updates, plus the July 2023 vendor and kernel patches.
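The two-level scheme described above can be turned into a fleet check. The following is an added example, not code from Google or from this article: it assumes patch levels are reported as YYYY-MM-DD strings with day 01 for the core level and day 05 for the vendor and kernel level, and it assumes which level fixes each CVE based on the components named above. The device names and inventory are constructed.

```python
from datetime import date

# Assumption (not stated in the article): Android reports its patch level as
# YYYY-MM-DD, with day 01 for the core level and day 05 for the level that
# adds that month's vendor and kernel patches.
CORE_LEVEL = date(2023, 7, 1)
FULL_LEVEL = date(2023, 7, 5)

# Assumed mapping, inferred from the components the article names: the Mali
# kernel-driver flaws land in the second level, the others in the first.
FIXED_AT = {
    "CVE-2023-21250": CORE_LEVEL,
    "CVE-2023-2136": CORE_LEVEL,
    "CVE-2023-26083": FULL_LEVEL,
    "CVE-2021-29256": FULL_LEVEL,
}

def parse_level(value):
    """Return the patch level as a date, or None if the string is malformed."""
    try:
        return date.fromisoformat(value.strip())
    except (ValueError, AttributeError):
        return None

def unpatched(value):
    """List the tracked CVEs a device at this patch level still lacks."""
    level = parse_level(value)
    if level is None:
        return sorted(FIXED_AT)  # unknown level: assume nothing is fixed
    return sorted(cve for cve, fixed in FIXED_AT.items() if level < fixed)

def triage(inventory):
    """Group device names by how much of the July 2023 update they carry."""
    groups = {"full": [], "core_only": [], "outdated": [], "unknown": []}
    for name, value in inventory.items():
        level = parse_level(value)
        if level is None:
            groups["unknown"].append(name)
        elif level >= FULL_LEVEL:
            groups["full"].append(name)
        elif level >= CORE_LEVEL:
            groups["core_only"].append(name)
        else:
            groups["outdated"].append(name)
    return groups

# Constructed inventory: device name -> reported security patch level.
FLEET = {"phone-a": "2023-07-05", "phone-b": "2023-07-01",
         "tablet-c": "2023-06-05", "kiosk-d": "n/a"}
```

A device in the `core_only` group has the framework fixes but is still missing the two Mali driver fixes, which is the case the two-level system makes possible.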

While the security update covers Android versions 11, 12, and 13, some vulnerabilities may also affect older OS versions that are no longer supported. In such cases, upgrading to a newer device model or installing a third-party Android distribution that implements security updates for older devices, albeit with a delay, is recommended.
