Sunday, October 6 2024

Google Patches 46 Android Vulnerabilities, Including 3 Actively Exploited

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Three of these vulnerabilities have been identified as actively exploited in targeted attacks.

One vulnerability, tracked as CVE-2023-26083, is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This vulnerability was exploited in a previous attack that enabled spyware infiltration on Samsung devices in December 2022. The Cybersecurity and Infrastructure Security Agency (CISA) issued a patching order for federal agencies in April 2023 to address this vulnerability.


Another significant vulnerability, identified as CVE-2021-29256, affects specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers. This flaw allows an unprivileged user to gain unauthorized access to sensitive data and escalate privileges to the root level.

The third exploited vulnerability, CVE-2023-2136, is a critical-severity bug discovered in Skia, Google’s open-source multi-platform 2D graphics library. It was initially disclosed as a zero-day vulnerability in the Chrome browser and allows a remote attacker who has taken over the renderer process to perform a sandbox escape and execute code remotely on Android devices.

In addition to these three vulnerabilities, Google’s July Android security bulletin highlights another critical vulnerability, CVE-2023-21250, affecting the Android System component. This issue can cause remote code execution without user interaction or additional execution privileges, making it particularly dangerous.

The security updates are rolled out in two patch levels. The initial patch level, made available on July 1, focuses on core Android components, addressing 22 security defects in the Framework and System components.

The second patch level, released on July 5, targets kernel and closed source components, tackling 20 vulnerabilities in Kernel, Arm, Imagination Technologies, MediaTek, and Qualcomm components.
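To check devices against the two patch levels described above, the following shell script (an added example, not taken from Google's bulletin) classifies a reported patch level and lists which of the article's CVEs that level does not cover. It assumes the bulletin year is 2023, so the levels appear as 2023-07-01 and 2023-07-05 in the `ro.build.version.security_patch` property; CVE-2023-2136 is left out because the article does not name its component, and the device names are constructed.

```shell
#!/bin/sh
# Patch levels from the article, written as YYYYMMDD (year 2023 is an assumption).
CORE_LEVEL=20230701   # first level: Framework and System fixes
FULL_LEVEL=20230705   # second level: kernel and closed-source (Arm, etc.) fixes

# classify_patch_level LEVEL -> invalid | unpatched | core-only | full
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    y=${1%%-*}; rest=${1#*-}; m=${rest%-*}; d=${rest#*-}
    n="$y$m$d"                      # ISO date as an integer for comparison
    if [ "$n" -lt "$CORE_LEVEL" ]; then echo unpatched
    elif [ "$n" -lt "$FULL_LEVEL" ]; then echo core-only
    else echo full
    fi
}

# open_cves LEVEL -> CVEs from the article not covered by the reported level.
# CVE-2023-21250 is a System fix (first level); the two Mali driver CVEs are
# Arm component fixes (second level).
open_cves() {
    case "$(classify_patch_level "$1")" in
        unpatched) echo "CVE-2023-21250 CVE-2023-26083 CVE-2021-29256" ;;
        core-only) echo "CVE-2023-26083 CVE-2021-29256" ;;
        full)      echo "none" ;;
        *)         echo "unknown" ;;
    esac
}

# audit_inventory: reads "device level" pairs on stdin, one per line.
audit_inventory() {
    while read -r dev level; do
        [ -n "$dev" ] || continue
        printf '%s %s %s\n' "$dev" "$(classify_patch_level "$level")" "$(open_cves "$level")"
    done
}

# Constructed sample inventory (not real devices). On a real device the level
# comes from: adb shell getprop ro.build.version.security_patch
audit_inventory <<'EOF'
lab-phone-01 2023-06-05
lab-phone-02 2023-07-01
lab-phone-03 2023-07-05
lab-tablet-04 unknown
EOF
```

A device reporting only the first level may still carry some second-level fixes, so `core-only` means the Mali driver fixes are not confirmed by the reported level, not that they are known to be absent.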

It is important to note that the impact of the addressed vulnerabilities may extend beyond the supported Android versions (11, 12, and 13), potentially affecting older OS versions that no longer receive official support.

Google has also released specific security patches for its Pixel devices, addressing 14 vulnerabilities in Kernel, Pixel, and Qualcomm components. Two of these critical weaknesses could result in privilege elevation and denial-of-service attacks.
