Tech NewsTech News

Security Firm Warns Android Smartphone Users Should Update Their Phones Now

Save
Security Firm Warns Android Smartphone Users Should Update Their Phones Now
A man shows an app on an Android phone in a file photo. (JACK GUEZ/AFP via Getty Images)
Jack Phillips
4/6/2023
Updated:
4/14/2023
0:00

Google this week announced that users should update their Android smartphones as soon as possible due to multiple vulnerabilities that can lead to “remote code execution.”

In a bulletin issued in April 3, “The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed.”

Further, it warned that “user interaction is not needed for exploitation” and that “the severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”

The vulnerabilities currently impact Android systems that are using versions 11, 12, 12L, and 13, Google’s bulletin said.

Security experts with antivirus software maker MalwareByes warned that users should “update as soon as they can,” according to a post. “If your Android is on security patch level 2023-04-05 or later, this will address all of these issues. Android partners are notified of all issues at least a month before publication, however this doesn’t always mean that the patches are available for devices from all vendors.”

Users can find their respective Android phone’s version number, security update level, and Google Play level in the Settings app. Generally, Android pushes automatic updates to users, but one can check for updates.

“For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device,” according to MalwareBytes.

In all, 69 CVE errors were patched, of which six in all were described as critical: CVE-2023-21085, CVE-2023-21096, CVE-2022-33231, CVE-2022-33288, CVE-2022-33289, and CVE-2022-33302, according to the bulletin.

Two major vulnerabilities in question flagged by Google were labeled as CVE-2023-21085 and CVE-2023-21096. Both CVE-2023-2108 and CVE-2023-21096 involve a vulnerability in the Android System component that can allow a malign actor to execute code by allowing a remote attacker to trick the victim to open a file to execute the code, MalwareBytes said.

One vulnerability, CVE-2022-38181, that was also patched and rated as high, is currently being exploited in the wild, said MalwareBytes. It “allows unprivileged users to access freed memory because GPU memory operations are mishandled. This use-after-free (UAF) vulnerability allows a local application to escalate privileges on the system. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.”

“This vulnerability is known to be exploited in targeted attacks and was first spotted in November 2022,” the firm said.

SHARE THIS ARTICLE
Jack Phillips
Jack Phillips
Author (Breaking News Reporter)
Jack Phillips is a breaking news reporter with 15 years experience who started as a local New York City reporter. Having joined The Epoch Times' news team in 2009, Jack was born and raised near Modesto in California's Central Valley. Follow him on X: https://twitter.com/jackphillips5
twitter
Related Topics