Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in Android Operating System
Alerts

Critical Vulnerabilities in Android Operating System

12 July 2023

Google has released security updates to address critical vulnerabilities (CVE-2023-2136, CVE-2023-21250) for devices running Android versions 11, 12, and 13.

The vulnerabilities are as follows:

  • CVE-2023-2136: Successful exploitation of the integer vulnerability could lead to incorrect rendering, memory corruption, and arbitrary code execution, allowing attackers to gain unauthorised system access.

  • CVE-2023-21250: Successful exploitation of the vulnerability in Android’s System component could allow attackers to perform remote code execution without any user interaction or additional execution privileges.

Users of affected product versions are advised to upgrade to the latest versions immediately by going to Settings > System > System Update and selecting the "Check for updates" button. Alternatively, Android devices can be updated via Settings > Security & Privacy > Updates > Security Update.

For devices running Android versions 10 and older, which have reached End-of-Life (EoL), users are advised to check for important security fixes via the Google Play system updates by going to Settings > Security & privacy > Updates > Google Play system update.

More information is available here:
https://source.android.com/docs/security/bulletin/2023-07-01
https://www.bleepingcomputer.com/news/security/android-july-security-updates-fix-three-actively-exploited-bugs/

Back to top