In October 2023, Google released security updates addressing over 50 vulnerabilities for Android devices, including two that address high-severity flaws that are actively exploited (CVE-2023-4863 and CVE-2023-4211). These vulnerabilities affect Android versions 10 to 13.
- CVE-2023-4211: Buffer overflow vulnerability in the open-source library (libwebp), that could potentially allow a remote attacker to perform an out-of-bounds memory write with a crafted HTML page. This vulnerability impacts several software such as Microsoft Teams, Google Chrome, Mozilla Firefox, and more.
- CVE-2023-4211: An actively exploited vulnerability that affects multiple versions of Arm Mali GPU drivers that are commonly used in Android devices. This vulnerability is a use-after-free memory issue that could potentially allow the attacker to access or manipulate confidential data locally.
Administrators and users of the affected versions are strongly advised to update their software to the latest version immediately.
It is important to ensure that your software is up-to-date. This would allow you access to new features or any security patches to address bugs and flaws as soon as they are available. Whenever possible, it is advisable to enable automatic software updates to ensure that your devices are running on the latest versions.