Google has addressed security vulnerabilities in its Pixel smartphones running Android and urges users to update their devices immediately. One critical vulnerability is being actively exploited, leading to potential information leaks. Other moderate-level vulnerabilities pose risks of unauthorized data access and potential denial-of-service attacks. It is crucial for Pixel smartphone owners to apply the latest patch (2023-06-05) to ensure their devices are protected.

Vulnerabilities

  • CVE-2023-21237 (risk: “critical”)

  • CVE-2023-21066 (risk: “critical”)

  • Other vulnerabilities are classified as “moderate” risks, potentially allowing unauthorized access to restricted information or facilitating denial-of-service attacks.

Dangerous vulnerabilities

This also applies to a vulnerability (CVE-2023-21237), which Google says is “exploited on a limited scale and targeted”. It is currently not known how the attacks take place. Information leaks are said to occur after successful attacks.

As can be seen from a warning message, the gaps affect the framework and pixel components like the camera driver and the processor subcomponent “exynos-slsi”, among others. The latter vulnerability (CVE-2023-21066) is considered “critical”. Attacks with malicious code could occur here.

The remaining vulnerabilities are rated “moderate”. At these points, attackers could access information that is actually sealed off or use it for DoS attacks.

Patch now!

Support with security updates for the Pixel 4a series will end in August this year. Security patches for the Pixel 5 will end in October of this year. Those who still own a supported device should make sure that the patch level 2023-06-05 is installed.

Last week, Google and other manufacturers released further security updates for various Android models. The focus was on “critical” malware vulnerabilities. Among other things, attacks via Bluetooth are conceivable. Attacks are also said to be possible on other Android devices. A vulnerability in ARM’s Mali GPU is the focus of the attackers there. Again, no further information about the scope of the attacks is known.

Resources

Contact & Information

Do you have suggestions for improvement or would you like to have an article translated / created? Please contact me!