CISA

"CISA ordered federal agencies today to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of actively exploited vulnerabilities and addressed with this month's Android security updates.
The flaw (tracked as CVE-2021-29256) is a use-after-free weakness that can let attackers escalate to root privileges or gain access to sensitive information on targeted Android devices by allowing improper operations on GPU memory.
"A non-privileged User can make improper operations on GPU memory to gain access to already freed memory and may be able to gain root privilege, and/or disclose information," Arm's advisory reads.
"This issue is fixed in Bifrost and Valhall GPU Kernel Driver r30p0 and fixed in Midgard Kernel Driver r31p0 release. Users are recommended to upgrade if they are impacted by this issue."
2 CVE-2023-26083 is a medium-severity memory leak flaw in the Arm Mali GPU driver leveraged in December 2022 as part of an exploit chain that delivered spyware to Samsung devices.
3 A third vulnerability, tracked as CVE-2023-2136 and rated as critical severity, is an integer overflow bug found in Google's Skia, an open-source multi-platform 2D graphics library. Notably, Skia is used with the Google Chrome web browser, where it was addressed in April as a zero-day bug.

Federal agencies ordered to secure Android devices within 3 weeks

U.S. Federal Civilian Executive Branch Agencies (FCEB) have been given until July 28th to secure their devices against attacks targeting the CVE-2021-29256 vulnerability added to CISA's list of Known Exploited Vulnerabilities today.
Although the catalog primarily focuses on U.S. federal agencies, it's also strongly recommended that private companies prioritize and patch all vulnerabilities listed in CISA's catalog.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned today.
  • Earlier this week, the cybersecurity agency warned that attackers behind the TrueBot malware operation exploit a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software for initial access to targets' networks.
  • One week earlier, CISA also warned of distributed denial-of-service (DDoS) attacks targeting U.S. organizations across multiple industry sectors."

Related Articles:

Android July security updates fix three actively exploited bugs

Android security update fixes Mali GPU bug exploited as zero-day

CISA warns of Samsung ASLR bypass flaw exploited in attacks

Apps with 1.5M installs on Google Play send your data to China

CISA: Netwrix Auditor RCE bug exploited in Truebot malware attacks