New Android updates fix kernel bug exploited in spyware attacks
2023-05-05 17:45

Android security updates released this month patch a high-severity vulnerability exploited as a zero-day to install commercial spyware on compromised devices.

According to a Google Threat Analysis Group report published in March, the flaw was exploited as part of a complex chain of multiple 0-days and n-days in a spyware campaign targeting Samsung Android phones.

Google TAG linked the attacks to Spanish mercenary spyware vendor Variston, known for its Heliconia exploit framework that targets the Windows platform.

One day after Google TAG published its report, the Cybersecurity and Infrastructure Security Agency added CVE-2023-0266 to its Known Exploited Vulnerabilities catalog, a list of security vulnerabilities actively exploited in attacks.

CISA gave Federal Civilian Executive Branch Agencies three weeks, until April 20, to secure all vulnerable Android devices against attacks that could target the bug.

The May Android updates also address dozens of other security bugs, most of them high-severity privilege escalation issues in the OS and various components.


News URL

https://www.bleepingcomputer.com/news/security/new-android-updates-fix-kernel-bug-exploited-in-spyware-attacks/

Related Vulnerability

DATE        CVE            VULNERABILITY TITLE                           RISK
2023-01-30  CVE-2023-0266  Use After Free vulnerability in Linux Kernel  7.8

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user.

local, low complexity; linux; CWE-416

Related vendor

LAST 12M
VENDOR   #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Android  4           0    17      2     0         19
Kernel   4           2    8       5     0         15