Google fixes 52 security issues in the May 2023 security updates for Androi

[harlan4096]

Martin Brinkmann May 2, 2023Google Android|1Google has just released the May 2023 security bulletin for its Android operating system. It addresses 52 different security issues in Android and components.  The company publishes the security bulletin on the first Monday of each month. Manufacturers of Android devices may then integrate these security updates into their products.

Google's own Pixel devices are usually the first, or among the first, to receive these security updates. Third-party manufacturers, such as Samsung, Motorola or Xiaomi will release updates for their devices as well in the coming days and weeks.

Google explains that  a high security vulnerability in the Framework component is the most severe issue in May 2023. It could lead to local escalation of privilege with "no additional execution privileges needed".

Patches are divided into two groups. The first lists security issues in Android and Google Play, the second vulnerabilities in Android Kernel and hardware-specific components, e.g., components from ARM or Qualcomm.

Here is the overview:

• Framework Vulnerabilities: 10 vulnerabilities. Maximum severity level is high. The most severe vulnerability could lead to local escalation of privilege and does not require user interaction for exploitation.
  
• System Vulnerabilities: 6 vulnerabilities. Maximum severity level is high. The most severe vulnerability could lead to local escalation of privilege without requiring user interaction.
  
• Google Play system update: 2 vulnerabilities in the Permission Controller.
  
• Kernel vulnerabilities: 2 vulnerabilities. Maximum severity is high. Most severe vulnerability could lead to local escalation of privilege and does not require user interaction.
  
• Kernel components: 1 vulnerability. Maximum severity is moderate. Same danger as Kernel vulnerabilities.
  
• Kernel LTS vulnerabilities: 5 vulnerabilities.
  
• ARM components: 5 vulnerabilities. The maximum severity of the vulnerabilities is high.
  
• Imagination Technologies: 1 vulnerability. The maximum severity of the vulnerability is high.
  
• MediaTek components vulnerabilities: 7 vulnerabilities. The maximum severity of the vulnerability is high.
  
• Unisoc components vulnerabilities. 5 vulnerabilities. The maximum severity of the vulnerability is high.
  
• Qualcomm components vulnerabilities. 2 vulnerabilities. The maximum severity of the vulnerability is high.
  
• Qualcomm closed-source components vulnerabilities: 6 vulnerabilities. The maximum severity of the vulnerability is high.
  

Google Pixel device owners may want to run a manual check for updates in the Settings. The update should be found during a manual check for updates and installed on these devices.  It may take a could of days or even longer before devices by other manufacturers receive the update as well.

Now You: when do you install the Android security updates?
...

Continue Reading