Google fixed 28 vulnerabilities in the April Android patch cycle, one of them critical. The critical flaw leaves mobile phones equipped with Qualcomm chipsets vulnerable to remote attacks. Another high-priority vulnerability is in the code of Android itself and allows malicious apps to elevate their privileges without user interaction.
The latter vulnerability could allow such apps to access data or perform actions beyond their normal permissions. According to a report from security.nl, Google has classified the impact of this vulnerability as “high.” Both vulnerabilities are listed in Google’s own April security bulletin.
Cause of buffer overflow
The major vulnerability affecting Android devices with Qualcomm chipsets is a security flaw in the data modem. An attacker could trigger a buffer overflow during DTLS handshake validation, potentially allowing code execution. The vulnerability, tracked as CVE-2023-28582, has a severity rating of 9.8 out of 10 on the CVSS vulnerability scale. This vulnerability is included in Qualcomm’s proprietary security bulletin.
Google has fixed flaws in the code of its Android operating system and in components from chipmakers such as Qualcomm and MediaTek. Widevine, the DRM system developed by Google, will also receive an update. Google labels these updates with patch-level dates: devices receiving the April update will have a patch level of “2024-04-01” or “2024-04-05.”
Manufacturers must include all patches from the April Android Bulletin in their updates and make them available to users. These updates are available for Android 12, 12L, 13, and 14.
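To check a set of devices against the two April patch levels named above, the following added example (not from Google's bulletin or the original article) classifies `getprop` output by the `ro.build.version.security_patch` property. It assumes Android's usual scheme, in which the -05 level includes everything in the -01 level; the function names and the device inventory are hypothetical and constructed for illustration.

```python
import re
from datetime import date

# Patch levels named in the article for the April 2024 update.
PARTIAL_LEVEL = date(2024, 4, 1)   # first April level
FULL_LEVEL = date(2024, 4, 5)      # assumed to be a superset of the -01 level

# One line of `adb shell getprop` output looks like: [key]: [value]
_PROP = re.compile(
    r"\[ro\.build\.version\.security_patch\]:\s*\[(\d{4})-(\d{2})-(\d{2})\]"
)

def patch_level(getprop_output):
    """Return the security patch level as a date, or None if absent/invalid."""
    m = _PROP.search(getprop_output)
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:          # e.g. month 13: treat as unreadable
        return None

def classify(level):
    """Map a patch level to its status relative to the April 2024 update."""
    if level is None:
        return "unknown"
    if level >= FULL_LEVEL:
        return "full"
    if level >= PARTIAL_LEVEL:
        return "partial"
    return "missing"

def audit(inventory):
    """inventory: {device_id: getprop output}. Returns {device_id: status}."""
    return {dev: classify(patch_level(out)) for dev, out in inventory.items()}

# Constructed sample inventory (hypothetical device ids and output).
SAMPLE = {
    "A1": "[ro.build.version.release]: [13]\n"
          "[ro.build.version.security_patch]: [2024-03-05]\n",
    "B2": "[ro.build.version.security_patch]: [2024-04-01]\n",
    "C3": "[ro.build.version.security_patch]: [2024-04-05]\n",
    "D4": "[ro.build.version.release]: [12]\n",
}

if __name__ == "__main__":
    for dev, status in audit(SAMPLE).items():
        print(dev, status)
```

Devices reported as "partial" or "missing" have not reached the complete April level and are the ones to follow up with the manufacturer's update channel.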
Similar to the vulnerability fixed in January
Google patched a similar vulnerability in phones equipped with Qualcomm chips in January’s Android security update. That vulnerability was also in the data modem and, like the most recent one, allowed the phone to be attacked remotely through code injection via a buffer overflow.
Google reports that the manufacturer was notified of the vulnerability at least a month ago. However, as always, there is no guarantee that all Android devices will receive the update immediately. This is due to manufacturers ending support or delays in rolling out updates.