Google Fixes Critical Vulnerabilities in Android Security Update for July 2023

Google has released a security update for July 2023, fixing 46 vulnerabilities, four of which have been classified as critical. The update affects Android 11, 12, and 13 and may also affect older Android versions that are no longer supported.

Critical Vulnerabilities

The four critical vulnerabilities fixed in the update are CVE-2023-26083, CVE-2021-29256, CVE-2023-2136, and CVE-2023-21250.
CVE-2023-26083 is a memory leak in the ARM Mali GPU driver for Bitfrost, Avalon, and Vallhall processors. It has been abused in an exploit chain that delivered spyware to Samsung devices with Android in December 2022.
CVE-2021-29256 is a highly critical exploit that allows non-privileged publishing of data and root privilege escalation. It affects specific versions of the Bitfrost and Midgard ARM Mali GPU kernel drivers.
CVE-2023-2136 is an integer overflow bug in Skia, Google’s open-source multi-platform 2D graphics library. This error has been previously fixed in Chrome.
Finally, CVE-2023-21250 is a vulnerability in the Android System component that allows hackers to perform remote code execution without interacting with end users or other execution privileges. It impacts Android 11, 12, and 13.

Other Fixes

In addition to the four critical vulnerabilities, Google also fixed 42 other vulnerabilities in the update. These include elevation of privilege vulnerabilities, information disclosure vulnerabilities, and denial of service vulnerabilities.
Google recommends that all users update their devices to the latest security patch as soon as possible. The update is available for download on Google’s official website.