Connect with us

Hi, what are you looking for?


Mobile & Wireless

Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor

Google’s latest Android security updates patch over 40 vulnerabilities, including CVE-2023-0266, a kernel flaw exploited as a zero-day by a spyware vendor.

Android zero day

Google’s Android security updates for May 2023 patch more than 40 vulnerabilities, including a kernel flaw exploited as a zero-day by a spyware vendor. 

The latest Android updates patch vulnerabilities in the framework, system, kernel, Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components. 

A vast majority of the security holes have been assigned a ‘high severity’ rating and they can be exploited for privilege escalation, DoS attacks, and information disclosure. 

The vulnerability that was exploited as a zero-day is tracked as CVE-2023-0266 and it has been described by Google as a moderate-severity kernel flaw that can be exploited for local privilege escalation without user interaction. An entry in NIST’s National Vulnerability Database describes it as a high-severity use-after-free in the Linux kernel’s ALSA PCM package.

Exploitation of the vulnerability was first mentioned by Google in late March, when the company described several Android and iOS zero-day vulnerabilities whose exploitation had been linked to commercial spyware vendors.

In the case of CVE-2023-0266, it was used as part of an exploit chain involving several vulnerabilities, including ones impacting Chrome and the Mali GPU kernel driver. The attackers delivered the exploits as links sent to the targeted individual via SMS. The hackers actually targeted the Samsung Internet Browser, which is based on Chromium but lacks some of the important mitigations present in Chrome. 

The targets were users in the United Arab Emirates and the attackers’ goal was to deliver full-featured Android spyware to their devices. The attacks are believed to have been carried out by a customer or partner of a Spanish spyware vendor named Variston, whose activities were brought to light by the tech giant in November 2022. 

Advertisement. Scroll to continue reading.

CVE-2023-0266 was also added in late March to the Known Exploited Vulnerabilities Catalog maintained by the US Cybersecurity and Infrastructure Security Agency (CISA). 

According to data from Google, three Android vulnerabilities that came to light this year have been exploited in attacks. 

Google this week also released a security update for its Pixel phones to patch a couple of vulnerabilities. CVE-2023-0266 was patched in Pixel devices in April. 

Related: Google, CISA Warn of Android Flaw After Reports of Chinese App Zero-Day Exploitation

Related: Android’s April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities

Related: Google Patches Android Zero-Day Exploited in Targeted Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...