Just over 40 vulnerabilities have been patched by Google in the Android operating system with the release of the August 2023 security updates.
According to the tech giant, the most serious of the vulnerabilities is CVE-2023-21273, a critical remote code execution issue affecting the System component. No user interaction or elevated privileges are required for exploitation. CVE-2023-21273 impacts Android 11, 12, 12L and 13.
Several other vulnerabilities have also been rated ‘critical’, including CVE-2023-21282 (remote code execution flaw in Media Framework component), CVE-2023-21264 (kernel privilege escalation flaw), and CVE-2022-40510 (memory corruption in Qualcomm closed-source components).
Three dozen of the security holes patched with the latest updates have been assigned a ‘high severity’ rating. A majority can lead to privilege escalation and information disclosure, and some can be exploited for denial-of-service (DoS) attacks.
“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible,” Google noted in its security bulletin.
The tech giant also announced on Tuesday that the upcoming Android 14 will introduce new cellular security mitigations for consumers and enterprises. This includes the ability to disable 2G support, and a feature to disable support for null-ciphered cellular connectivity.
Google is aware of four Android vulnerabilities with 2023 CVE identifiers that have been exploited in attacks. However, the company noted recently that it can take so long for Android patches to reach end users that n-day vulnerabilities are often just as good as zero-days.