Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor


More than 40 vulnerabilities are fixed by Google’s Android security patches for May 2023, including a kernel weakness that a spyware vendor used as a zero-day exploit. The great majority of security flaws have been given a “high severity” rating and can be used to elevate privileges, launch denial-of-service attacks, or reveal information.

The moderate-severity kernel bug that was used as a zero-day attack is listed as CVE-2023-0266, and according to Google, it can be used to escalate local privileges without the involvement of the user. The ALSA PCM module of the Linux kernel contains a high-severity use-after-free vulnerability, according to an entry in NIST’s National Vulnerability Database.

Read More…