Multiple Vulnerabilities in Google Android OS

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

Threat Intelligence There are reports of vulnerabilities CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136 being exploited in the wild.

Systems Affected

Android OS patch levels prior to 2023-07-05

Risk Government: – Large and medium government entities: High – Small government entities: Medium

Businesses: – Large and medium business entities: High – Small business entities: Medium

Home Users: Low

Technical Summary Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution in the context of the affected component.

Recommendations

Apply appropriate patches provided by Google to vulnerable systems, immediately after appropriate testing. Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources. Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from untrusted sources. Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.

References Google: https://source.android.com/docs/security/bulletin/2023-07-01#arm-components

CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29256 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28350 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42703 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20754 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20918 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20942 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2136 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21239 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21240 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21241 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21246 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21247 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21250 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21251 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21254 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21256 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21261 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21262 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21629 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21631 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22667 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25012 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26083 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28542