Google fixes over 60 Android vulnerabilities

Google has released patches that close several vulnerabilities identified in the Android OS, including three of the most dangerous: two of them received the status of critical, and the third, according to the company, was exploited by attackers.

Listing the details in the April 2023 Android Security Report, Google clarified that the most dangerous vulnerabilities were assigned CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181. The first and second are Android vulnerabilities that allow code to be executed remotely without additional privileges for an attacker. True, they can only be exploited as a result of a phishing attack, that is, their work requires the participation of a potential victim, albeit unconsciously, Aroged reports.

The third was found in the Arm Mali GPU driver – it has been exploited by attackers since the end of last year, however, the company did not specify which hackers resorted to this tool, and who was the victim of the attack. The vulnerability allowed attackers to elevate privileges without user interaction.

In total, in April, Google released two Android patches: the first was aimed at fixing errors in the system itself, the second was related to the Arm core and components released by the company’s partners: Imagination Technologies, MediaTek, UNISOC and Qualcomm. In total, more than 60 vulnerabilities have been closed. Unfortunately, due to the fragmentation of Android, the release of updates depends on device manufacturers – supported smartphones and tablets should receive them soon.