Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities

The October 2023 security update for Android patches two vulnerabilities exploited in attacks, both likely linked to spyware vendors.

Google on Monday announced the release of patches for 51 vulnerabilities as part of the October 2023 security updates for Android, including fixes for two zero-day flaws exploited in malicious attacks.

The first of the exploited issues is CVE-2023-4863 (CVSS score of 8.8), a heap buffer overflow in the libwebp image library that leads to an out-of-bounds memory write and can be leveraged for remote code execution (RCE).

In the Android security bulletin for October 2023, Google explains that the vulnerability impacts the System component and assesses it with a ‘critical’ severity rating.

While the tech giant does not provide specific information on the observed in-the-wild exploitation, the issue was identified and reported by Apple and the Citizen Lab group at The University of Toronto's Munk School, which often details attacks linked to commercial spyware vendors. The flaw had been exploited to deliver spyware to iPhones.

Over the past weeks, vendors have been scrambling to assess the impact of CVE-2023-4863 and address the bug. To date, Palo Alto Networks, 1Password, Microsoft, and others have released advisories. 

It’s worth noting that while CVE-2023-4863 has been reportedly exploited in the wild, there are no details on attacks beyond the ones aimed at iPhones. 

Typically, Google splits Android security bulletins into two patch levels based on the affected components (the -01 level covering Framework and System, the -05 level covering kernel and vendor components), but this month’s bulletin has a third part, the 2023-10-06 security patch level, which specifically addresses CVE-2023-4863.

The second zero-day flaw addressed in Android this month is CVE-2023-4211, a bug in the Arm Mali GPU kernel driver that allows a local non-privileged user to perform “improper GPU memory processing operations to gain access to already freed memory”, a use-after-free condition.

“There is evidence that this vulnerability may be under limited, targeted exploitation,” Google and Arm note in their advisories.

No further information on these attacks is available. However, Google has previously reported seeing Arm Mali GPU driver vulnerabilities included in sophisticated exploit chains whose ultimate goal was the delivery of commercial spyware. This might be the case with CVE-2023-4211 as well, considering that Arm credits Google researchers with reporting the flaw.

CVE-2023-4211 was addressed as part of the 2023-10-05 security patch level, which resolves a total of 26 issues in Arm, MediaTek, Unisoc, and Qualcomm components.

For Pixel devices, patches for the Mali GPU driver vulnerability were released on September 18, with an out-of-band Pixel update bulletin.

The first part of this month’s Android update, the 2023-10-01 security patch level, addresses 24 flaws in the platform’s Framework and System components.

All 51 vulnerabilities are addressed on devices running a security patch level of 2023-10-06 or higher.
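A practitioner checking whether a fleet is covered would compare each device's declared patch level against the three levels in this bulletin. The script below is an added example, not code from the article or from Google. It assumes adb is installed and a device with USB debugging enabled is attached, and it reads the standard ro.build.version.security_patch property. One caveat: that property is whatever the OEM stamps into the build, so it shows the level the vendor claims, not that each individual fix is present.

```shell
#!/bin/sh
# Check an Android device's security patch level against the October 2023 bulletin.
# Added example, not the article's or Google's code. Assumes adb is installed and a
# device with USB debugging enabled is attached; ro.build.version.security_patch is
# the standard Android system property holding the declared patch level (YYYY-MM-DD).

# The three patch levels in the October 2023 bulletin, lowest to highest.
OCT_2023_LEVELS="2023-10-01 2023-10-05 2023-10-06"

# level_to_int YYYY-MM-DD -> prints YYYYMMDD, or fails if the format is wrong.
# ISO dates with the dashes removed compare correctly as integers.
level_to_int() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s\n' "$1" | tr -d '-' ;;
    *) return 1 ;;
  esac
}

# patch_level_status LEVEL [REQUIRED]
# Prints "ok" if LEVEL is on or after REQUIRED (default 2023-10-06, which covers
# all 51 fixes), "outdated" if it is older, "invalid" if it is malformed.
patch_level_status() {
  required="${2:-2023-10-06}"
  have=$(level_to_int "$1") || { echo invalid; return 0; }
  want=$(level_to_int "$required")
  if [ "$have" -ge "$want" ]; then echo ok; else echo outdated; fi
}

# october_2023_coverage LEVEL
# Prints the highest of the three October 2023 patch levels that LEVEL meets, or
# "none". A device at 2023-10-05, for example, carries the Mali GPU driver fix
# (CVE-2023-4211) but not the libwebp fix (CVE-2023-4863), which only 2023-10-06 adds.
october_2023_coverage() {
  have=$(level_to_int "$1") || { echo none; return 0; }
  best=none
  for lvl in $OCT_2023_LEVELS; do
    if [ "$have" -ge "$(level_to_int "$lvl")" ]; then best="$lvl"; fi
  done
  echo "$best"
}

# device_patch_level: read the declared patch level from the attached device.
# adb output carries a trailing CR on some hosts, so strip it along with the newline.
device_patch_level() {
  adb shell getprop ro.build.version.security_patch | tr -d '\r\n'
}

# Only talk to a device when asked, so the functions above can be sourced or
# tested without adb present.
if [ "${1:-}" = "--device" ]; then
  level=$(device_patch_level)
  echo "device patch level: ${level:-<unset>}"
  echo "covers October 2023 bulletin up to: $(october_2023_coverage "$level")"
  echo "status against 2023-10-06: $(patch_level_status "$level")"
fi
```

Run it as `sh check_patch_level.sh --device` with one device attached; for a fleet, feed the output of each device's getprop into `october_2023_coverage` instead. Note that a Pixel that received the September 18 out-of-band update reports a 2023-09 level yet already has the Mali fix, which is exactly the kind of case the declared level alone cannot distinguish.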

Related: Android Zero-Day Patched With September 2023 Security Updates

Related: Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor

Related: Google Patches Chrome Zero-Day Reported by Apple, Spyware Hunters

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
