Android security updates released this month address a high-severity vulnerability exploited as a zero-day to install commercial spyware on compromised devices.

The security flaw (tracked as CVE-2023-0266) is a use-after-free weakness in the Linux kernel audio subsystem that can lead to elevation of privilege without requiring user interaction.

According to a Google Threat Analysis Group (TAG) report released in March, it was exploited as part of a complex chain of 0-days and n-days in a spyware campaign targeting Samsung Android phones.

Attackers deployed a suite of spyware on compromised devices capable of decrypting and extracting data from chat and browser apps, Google TAG said.

The same exploit chain included another zero-day (CVE-2022-4262) in the Chrome web browser, a Chrome sandbox escape, as well as vulnerabilities in the Mali GPU kernel driver and the Linux kernel.

Google TAG linked the attacks to Spanish mercenary spyware provider Variston, known for its Heliconia Operating Framework, which targets the Windows platform.

“There are indications that CVE-2023-0266 may be subject to limited and targeted exploitation,” reads a note added by the Android Security Team to this month’s security bulletin.

Federal agencies ordered to patch by April 20

A day after Google TAG published its report, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-0266 to its Known Exploited Vulnerabilities, a list of security vulnerabilities actively exploited in attacks.

CISA has given federal civilian executive branch (FCEB) agencies three weeks, until April 20, to secure all vulnerable Android devices against attacks that may target the bug.

The May Android updates also fix dozens of other security bugs, most of them high-severity privilege escalation issues in the operating system and various components.

On Monday, the Android Security Team also released the May Pixel Update Bulletin, which fixes flaws in supported Pixel devices and Qualcomm components.
