The Computer Emergency Response Team of France (CERT-FR) has issued an advisory regarding multiple vulnerabilities identified in Google Android.
Document Management
- Reference: CERTFR-2023-AVI-0811
- Title: Multiple Vulnerabilities in Google Android
- First Version Date: October 6, 2023
- Last Version Date: October 6, 2023
- Sources: Android Security Bulletin of October 2, 2023; Pixel Security Bulletin of October 4, 2023
- Attachments: None
Risk(s)
- Not specified by the publisher
- Remote Arbitrary Code Execution
- Remote Denial of Service
- Breach of Data Confidentiality
- Privilege Escalation
Affected Systems
- Google Android versions 11, 12, 12L, 13 without the security patch of October 6, 2023
- Google Pixel without the security patch of October 5, 2023
Summary Multiple vulnerabilities have been discovered in Google Android. Some of these vulnerabilities allow an attacker to trigger remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.
The publisher indicates that vulnerabilities CVE-2023-4863 and CVE-2023-4211 are being exploited.
Solution Refer to the publisher’s security bulletin for obtaining patches (see Documentation section).
Documentation
References (CVE)
- CVE-2023-4863
- CVE-2023-4211
- [Other CVE references are available in the original document]
CERT-FR advises immediate attention to these vulnerabilities and recommends applying the necessary security patches provided by the Android security bulletins.