Google Addresses Critical Flaws in Android, Patches 25 Vulnerabilities

July 5, 2023

In the latest security update for Android, Google has addressed a total of 25 vulnerabilities, including a critical privilege escalation bug that could allow an attacker to gain elevated privileges on an affected device.

Critical Privilege Escalation Vulnerability (CVE-2023-22220)

The most severe flaw patched in this update is a critical privilege escalation vulnerability in the Media framework component of Android. This vulnerability could be exploited by a malicious application to gain system-level privileges, allowing the attacker to perform actions typically reserved for the device owner. This includes installing and uninstalling apps, accessing sensitive data, and executing arbitrary code.

Other Critical and High-Severity Vulnerabilities

In addition to the critical privilege escalation flaw, Google has also patched several other critical and high-severity vulnerabilities in Android:

  • CVE-2023-22221: A critical vulnerability in the Framework component that could allow a remote attacker to execute arbitrary code on an affected device.
  • CVE-2023-22222: A critical vulnerability in the System component that could allow a local attacker to gain elevated privileges on an affected device.
  • CVE-2023-22223: A critical vulnerability in the Kernel component that could allow a local attacker to execute arbitrary code on an affected device.
  • CVE-2023-22224: A high-severity vulnerability in the MediaTek components that could allow a remote attacker to execute arbitrary code on an affected device.

Moderate- and Low-Severity Vulnerabilities

Google has also patched several moderate- and low-severity vulnerabilities in this update, including:

  • CVE-2023-22225: A moderate-severity vulnerability in the Framework component that could allow an attacker to bypass security restrictions on an affected device.
  • CVE-2023-22226: A moderate-severity vulnerability in the System component that could allow an attacker to access sensitive data on an affected device.
  • CVE-2023-22227: A low-severity vulnerability in the Framework component that could allow an attacker to crash an affected device.

Affected Devices and Mitigation

The vulnerabilities addressed in this update affect all Android devices running Android 10 and later. Google has released security patches for all affected versions of Android, and device manufacturers are expected to roll out these patches to their devices in the coming days and weeks.

It is strongly recommended that all Android users install the latest security updates as soon as possible to protect their devices from these vulnerabilities. Users can check for updates by going to the Settings app on their device, selecting "System," and then selecting "Security."
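
For a fleet rather than a single handset, the same check can be scripted against the patch level each device reports. The script below is an added example, not part of the original article or any Google tooling: the function names and the inventory lines are constructed, and it assumes a device carrying these fixes reports a security patch level of 2023-07-05 (the bulletin date above) or later.

```shell
#!/bin/sh
# Assumption: patched devices report this security patch level or later.
REQUIRED_PATCH="2023-07-05"
MIN_RELEASE=10   # the article scopes the flaws to Android 10 and later

# The two values per device can be collected over adb with:
#   adb -s SERIAL shell getprop ro.build.version.release
#   adb -s SERIAL shell getprop ro.build.version.security_patch

# classify_device RELEASE PATCH -> patched | needs-update | out-of-scope | unknown
classify_device() {
    release=$1
    patch=$2
    major=${release%%.*}          # "8.1.0" -> "8"
    case $major in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    case $patch in                # patch level must look like YYYY-MM-DD
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;
    esac
    if [ "$major" -lt "$MIN_RELEASE" ]; then
        # Outside the article's affected range; says nothing about other flaws.
        echo "out-of-scope"; return 0
    fi
    # Drop the dashes so the dates compare as integers (20230705).
    have=$(printf '%s' "$patch" | sed 's/-//g')
    need=$(printf '%s' "$REQUIRED_PATCH" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# Reads "serial release patch" lines on stdin, prints one verdict per device.
audit_inventory() {
    while read -r serial release patch; do
        [ -n "$serial" ] || continue
        printf '%s %s\n' "$serial" "$(classify_device "$release" "$patch")"
    done
}

# Constructed sample inventory (serials and values are made up).
audit_inventory <<'EOF'
EMU-0001 13 2023-07-05
EMU-0002 12 2023-06-01
EMU-0003 9 2019-08-01
EMU-0004 11 unknown
EOF
```

Devices reported as "unknown" did not return a parseable version or patch level and should be checked by hand rather than assumed patched.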

Additional Information

Google has provided additional information about these vulnerabilities on its Android Security Bulletins page. For more information, please visit: https://source.android.com/security/bulletin/2023-07-05.
