Google's latest Android security update fixes some worrying flaws


Google has released a patch that fixes three very serious Android vulnerabilities, one of which is believed to be exploited in the wild.

Since the flaws affect some of the most recent versions of the famous mobile operating system, companies are advised to patch their devices as soon as possible.

Listing the details in its April 2023 Android Security Bulletin, Google said the flaws are tracked as CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181.

Multiple versions affected

The first and second are vulnerabilities in the Android system that allow remote code execution. They could be exploited through phishing, the researchers say. The third is a flaw in the Arm Mali GPU kernel driver, and is apparently the one hackers have been using since late last year. Described as a use-after-free vulnerability, it allowed threat actors to escalate privileges on target endpoints via malicious applications.

Google did not explain who used the flaws, against whom, and for what purposes.

Android 11, Android 12, Android 12L, and Android 13 are affected by these flaws, and Google recommends users apply the patch immediately. This can be done by going into the Settings menu and scrolling down to the About Phone section. There, one can find a menu item that checks for available software updates.

Unlike Apple's iOS, Google's mobile ecosystem is decentralized, which means that different manufacturers can take more or less time to release the patch. If there is no fix available for your device, you can probably expect one in the coming days and weeks.

Installing an Android antivirus app can't hurt either, as the best ones do a decent job of protecting mobile devices against malware and similar threats. Also make sure that Google Play Protect is enabled, as this is the default Android antivirus app and usually comes pre-installed.

Via: Tom's Guide