Google has released the July security update package for Android, addressing a total of 46 software vulnerabilities. Of these, three were found to be actively exploited. Users receiving the July package are advised to install the updates without delay.
July security update released for Android users
One of the critical vulnerabilities affected smartphones with Arm Mali GPUs. This vulnerability, known as CVE-2023-26083, has previously led to spyware infiltration of Samsung devices. It was found that hackers infiltrated the devices via the Mali GPU driver.
Another major vulnerability again affected devices with the Arm Mali GPU. However, this vulnerability was reported to affect certain versions of kernel drivers. The vulnerability, defined as CVE-2021-29256, allows unauthorised access to sensitive data. Considering that many manufacturers, from Samsung to Xiaomi, use this GPU, the danger cannot be underestimated.
The third exploited vulnerability is codenamed CVE-2023-2136. It was discovered in Skia, Google’s open source 2D graphics library. However, it was mostly seen as a zero-day in the Google Chrome browser. It was reported to allow hackers to remotely execute code through Chrome and affected Android devices.
Google’s July security package addresses a total of 46 vulnerabilities. The first package was distributed on 1 July. The package addressing vulnerabilities in the kernel, Arm, MediaTek and Qualcomm hardware was released on 5 July. It may take some time for manufacturers to offer it for their devices.
Versions of Android 11, 12 and 13 are believed to be affected. Pixel owners can download the July security update from today.