Google has released a fresh monthly security update for the Android platform, which includes fixes for 56 vulnerabilities. Five of them were classified as critical, and one of the vulnerabilities has been actively exploited by hackers since December last year.
The most significant fix included in the June 5, 2023 update is the fix for the CVE-2022-22706 vulnerability in the Mali graphics core driver. This serious error, according to the Google TAG analysis group, could be used in a spy campaign aimed at Samsung devices.
The latest Google Security Bulletin confirms that there are indications of limited and targeted exploitation of the CVE-2022-22706 vulnerability. At the end of March, CISA also noted the active use of this vulnerability in its recommendations.
CVE-2022-22706 has a severity score of 7.8 out of 10 and allows unprivileged users to gain write access to memory that should be read-only.
The issue affects the following versions of ARM kernel drivers:
- Midgard GPU kernel driver: all versions from r26p0 to r31p0;
- Bifrost GPU Kernel Driver: all versions from r0p0 to r35p0;
- Valhall GPU Core Driver: all versions from r19p0 to r35p0.
ARM fixed the vulnerability in the Bifrost and Valhall GPU kernel drivers by including the fixes in version r36p0. A fix has also been released in the Midgard r32p0 kernel driver, but it’s only now available in stable Android.
It was learned that Samsung also fixed the CVE-2022-22706 vulnerability in its devices in the May 2023 update, notes NIX Solutions. The company’s quick response to the active exploitation of this bug indicates that Samsung users have been the target of a spy campaign.
The latest Android update also fixed other critical vulnerabilities:
- CVE-2023-21127 and CVE-2023-21108: Android remote code execution vulnerabilities affecting Android 11, 12, and 13;
- CVE-2023-21130: An Android remote code execution vulnerability affecting Android 13 only.
- CVE-2022-33257 and CVE-2022-40529: Unspecified critical vulnerabilities affecting closed source Qualcomm components.
Users using devices running Android 10 or older should be alert to potential threats. It is recommended that you either upgrade to a newer device with active support for the latest version of Android, or go with a third-party Android distribution that continues to provide security updates, even if at a delay.