Android security update fixes 56 vulnerabilities, five of them with a critical severity rating

Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December.

The new security patch level 2023-06-05 integrates a patch for CVE-2022-22706, a high-severity flaw in the Mali GPU kernel driver from Arm that Google’s Threat Analysis Group (TAG) believes may have been used in a spyware campaign targeting Samsung phones.

“There are indications that CVE-2022-22706 may be under limited, targeted exploitation,” reads Google’s latest bulletin. CISA also highlighted the active exploitation of CVE-2022-22706 in an advisory released in late March.

According to Arm, the issue impacts the following kernel driver versions:

  • Midgard GPU Kernel Driver: All versions from r26p0 – r31p0
  • Bifrost GPU Kernel Driver: All versions from r0p0 – r35p0
  • Valhall GPU Kernel Driver: All versions from r19p0 – r35p0

The critical-severity flaws fixed in this month’s Android update include:

  1. CVE-2023-21127 – Remote code execution flaw in Android Framework, impacting Android 11, 12, and 13. Fixed in security patch level “2023-06-01.”

  2. CVE-2023-21108 – Remote code execution flaw in Android System, impacting Android 11, 12, and 13. Fixed in security patch level “2023-06-01.”

  3. CVE-2023-21130 – Remote code execution flaw in Android System, impacting Android 13. Fixed in security patch level “2023-06-01.”

  4. CVE-2022-33257 – Critical flaw of an undefined type, impacting Qualcomm closed-source components. Fixed in security patch level “2023-06-05.”

  5. CVE-2022-40529 – Critical flaw of an undefined type, impacting Qualcomm closed-source components. Fixed in security patch level “2023-06-05.”
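A triage sketch built from the driver ranges and patch levels listed above (an added example, not part of the original article or Google's bulletin): given a device's patch level string, as reported in `ro.build.version.security_patch`, it returns which of these CVEs the device still lacks fixes for. The function names are hypothetical, and treating the Qualcomm flaws as applying to any Android release on Qualcomm hardware is an assumption.

```python
import re
from datetime import date

# Affected Arm Mali kernel driver ranges, transcribed from the article.
MALI_AFFECTED = {
    "midgard": ("r26p0", "r31p0"),
    "bifrost": ("r0p0", "r35p0"),
    "valhall": ("r19p0", "r35p0"),
}
# (CVE, fixing patch level, affected Android releases or None for any, Qualcomm-only)
FIXES = [
    ("CVE-2023-21127", "2023-06-01", {11, 12, 13}, False),
    ("CVE-2023-21108", "2023-06-01", {11, 12, 13}, False),
    ("CVE-2023-21130", "2023-06-01", {13}, False),
    ("CVE-2022-33257", "2023-06-05", None, True),   # release scope assumed
    ("CVE-2022-40529", "2023-06-05", None, True),   # release scope assumed
]
MALI_CVE, MALI_FIX_LEVEL = "CVE-2022-22706", "2023-06-05"


def parse_driver(version):
    """Turn an Arm release tag such as 'r35p0' into a comparable (35, 0) tuple."""
    m = re.fullmatch(r"r(\d+)p(\d+)", version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Mali driver version: {version!r}")
    return int(m.group(1)), int(m.group(2))


def mali_in_affected_range(family, version):
    """Numeric range check; plain string comparison would misorder r9p0 and r35p0."""
    low, high = MALI_AFFECTED[family.lower()]
    return parse_driver(low) <= parse_driver(version) <= parse_driver(high)


def missing_fixes(patch_level, android_release, qualcomm=False, mali=None):
    """Return the article's CVEs that a device at this patch level still lacks.

    patch_level: 'YYYY-MM-DD' string; mali: optional (family, driver_version).
    """
    level = date.fromisoformat(patch_level)
    missing = []
    for cve, fixed_in, releases, qualcomm_only in FIXES:
        applies = (releases is None or android_release in releases) and (
            qualcomm or not qualcomm_only)
        if applies and level < date.fromisoformat(fixed_in):
            missing.append(cve)
    if mali and mali_in_affected_range(*mali) and level < date.fromisoformat(MALI_FIX_LEVEL):
        missing.append(MALI_CVE)
    return missing
```

A device reporting 2023-06-01 has the Framework and System fixes but not the 2023-06-05 ones, which is why the two patch levels are compared separately rather than by month.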

Source: BleepingComputer