Google releases Android security update to fix critical vulnerabilities

Google has released a security patch that addresses three high-severity vulnerabilities affecting some of the latest versions of Android, including one that is believed to be actively exploited in the wild. The flaws, tracked as CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181, were detailed in Google’s April 2023 Android security bulletin. The first two vulnerabilities are related to the Android System and could allow for remote code execution via phishing attacks. The third vulnerability is related to the Arm Mali GPU kernel driver and has reportedly been exploited by hackers since late 2022. Google did not provide further details on the exploit or its attackers.

The affected Android versions include Android 11, Android 12, Android 12L, and Android 13, and Google has advised users to apply the fix immediately. To do so, users can check for available software updates in the About Phone section of the Settings menu. However, given that Google’s mobile ecosystem is decentralized, it may take different manufacturers varying amounts of time to release the patch.

Businesses are encouraged to patch their endpoints as soon as possible. Users are also advised to enable Google Play Protect, Android’s default antivirus app, and to consider installing an Android antivirus app for further protection against malware and similar vulnerabilities.