Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Android’s First Security Updates for 2023 Patch 60 Vulnerabilities

Google announced on Tuesday the first Android security updates for 2023, which patch a total of 60 vulnerabilities.

The first part of the update, which arrives on devices as the 2023-01-01 security patch level, addresses 19 security defects in the Framework and System components.

Google announced on Tuesday the first Android security updates for 2023, which patch a total of 60 vulnerabilities.

The first part of the update, which arrives on devices as the 2023-01-01 security patch level, addresses 19 security defects in the Framework and System components.

“The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google notes in its advisory.

A total of 11 elevation of privilege bugs were resolved in the Framework component this month, along with three denial-of-service (DoS) issues. Five other elevation of privilege vulnerabilities were addressed in the System component.

The second part of this month’s security update, which arrives on devices as the 2023-01-05 security patch level, addresses 41 vulnerabilities in Kernel and third-party components.

The most important of these vulnerabilities are four critical-severity flaws in Kernel and Kernel components, all leading to remote code execution (RCE). Two high-severity elevation of privilege bugs were also addressed in Kernel and Kernel components.

The 2023-01-05 security patch level also fixes vulnerabilities in Kernel LTS (1 bug), Imagination Technologies components (1), MediaTek components (3), Unisoc components (13), Qualcomm components (2), and Qualcomm closed-source components (15).

A security patch level of 2023-01-05 addresses all issues resolved with this and previous Android security updates.

This month, Google resolved eight additional vulnerabilities in Pixel devices, including three high-severity Pixel flaws and five medium-severity issues in Qualcomm components.

Google also announced patches for eight vulnerabilities as part of the January 2023 security updates for Android Automotive, including three mandatory issues in the Media Framework and Platform Apps components, and five optional bugs in Platform Apps, System UI, and Kernel components.

Related: Over 75 Vulnerabilities Patched in Android With December 2022 Security Updates

Related: Google Patches High-Severity Privilege Escalation Vulnerabilities in Android

Related: Android Security Updates Patch Critical Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.