Google publishing over 32-vulnerabilities in September should keep its users on a high security alert, as this sure is a sign of no-good.
In a security report published on the 05th September, 2023, google announced that over 28-high security, and 4-critical vulnerabilities has been discovered in its AOSP (Android Open-Source Project), bringing it to a total number of 32-High risk security flaws.
The company stated that an attacker can exploit the affected devices, through RCE’s (Remote Code Execution), EoP (Elevation of Privilege), ID (Information Disclosure), DOS (Denial-of-Service), and other non-classified vulnerabilities.
This discovery indicated that Framework, System, Google Play system updates, Qualcomm components, and Qualcomm closed-source components where affected, and impacts all AOSP version 11, 12, 12L, and 13.
We at Fixitgearware security have outlined this vulnerability, CVE-id’s, risk level, Description (How they can be exploited, and what component is affected) in the tables below.
Published information indicates that the security patch level address all issues related with 2023-09-01, and 2023-09-05, and users were advised to check and update their android devices to the latest version.
In an article report Google Stated:
“For some devices on Android 10 or later, the Google Play system update will have a date string that matches 2023-09-01 security patch level.”
These devices also have their end of life stated, for both Android version updates, and guaranteed security updates. We advise Android users to go through their various device version, and see how long google android Os, and security updates are supported.
Reasons for the two-security patch level was described to address the issue of flexibility in fixing subset of vulnerabilities common to all Android devices quickly. Google also informed the public that Android devices and chipset manufacturers may address vulnerabilities that describe their specific products such as Google, Huawei, LGE, Motorola, Nokia, and Samsung.
Please do let us know in the comment section what are your thoughts about this.