Android Security Bulletin - 20230711001

Overview

The Android Security Bulletin has released two batch of security vulnerabilities affecting Android devices. The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Android partners are notified of all issues at least a month before publication.

What is vulnerable?

The following details two batch of vulnerabilities;

2023-07-01 security patch level vulnerability details

• Framework

• System

• Google Play system updates

2023-07-05 security patch level vulnerability details

• Kernel

• Kernel Components

• Arm components

• Imagination Technologies

• MediaTech components

• Qualcomm components

• Qualcomm closed-source components

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):

• Google support
• Check and update your Android version

Additional References

• https://source.android.com/docs/security/bulletin/2023-07-01#2023-07-01-security-patch-level-vulnerability-details
• https://source.android.com/docs/security