CISA today ordered federal agencies to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of actively exploited vulnerabilities and resolved with this month’s Android security updates -this.
The defect (tracked as CVE-2021-29256) is a use-after-release weakness that may allow attackers to gain root privileges or access sensitive information on targeted Android devices by enabling inappropriate GPU memory operations.
“An unprivileged user may perform inappropriate GPU memory operations to gain access to already freed memory and may be able to gain root privilege and/or leak information,” Arm said. bed.
“This issue is resolved in Bifrost and Valhall GPU Kernel Driver r30p0 and corrected in Midgard Kernel Driver r31p0. Users are recommended to upgrade if affected by this issue.”
With this month’s security updates for the Android operating system, Google fixed two more security flaws labeled as being exploited in attacks.
CVE-2023-26083 is a medium-severity memory leak flaw in the Arm Mali GPU driver leveraged in December 2022 part of an exploit chain that delivered spyware to Samsung devices.
A third vulnerability, identified as CVE-2023-2136 and classified as critically severe, is an integer overflow bug found in Google’s Skia, an open-source cross-platform 2D graphics library. Skia is notably used with the Google Chrome web browser, where it was tackled in April like a zero-day bug.
Federal agencies ordered to secure Android devices within 3 weeks
US Federal Civilian Executive Branch (FCEB) agencies have until July 28 to secure their devices against attacks targeting the CVE-2023-20963 vulnerability added to CISA’s list of known exploited vulnerabilities today.
According to Binding Operational Directive (BOD 22-01) released in November 2021, federal agencies are required to thoroughly assess and remediate all security vulnerabilities described in CISA’s KEV Catalog.
Although the catalog primarily focuses on US federal agencies, private companies are also strongly recommended to prioritize and patch all vulnerabilities listed in the CISA catalog.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said. warned Today.
Earlier this week, the cybersecurity agency warned that the attackers behind the TrueBot malware operation are exploiting a critical remote code execution (RCE) vulnerability in Netwrix Auditor software for initial access to target networks.
A week earlier, CISA also warned distributed denial of service (DDoS) attacks targeting US organizations across multiple industry sectors.