Android’s August 2023 Updates Patch Critical RCE (CVE-2023-21273 & CVE-2023-21282) Bugs

CVE-2023-21273

Google this week announced the August 2023 security updates for Android devices, with patches for over 48 vulnerabilities, including two critical remote code execution (RCE) bugs and a critical elevation of privilege flaw.

Google’s Android security bulletin for August 2023 describes 31 vulnerabilities resolved in the Framework, Media Framework, and System components as part of the 2023-08-01 security patch level. Most of these are critical-severity flaws leading to remote code execution (RCE).

One of the 13 issues addressed in the System, however, is a critical-severity RCE bug, tracked as CVE-2023-21273.
The most severe vulnerability in this section could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation,” Google notes in its advisory.

CVE-2023-21273

Another critical-severity RCE flaw, tracked as CVE-2023-21282 affects Media Framework. This vulnerability could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

The second part of Android’s August 2023 security update arrives on devices as the 2023-08-05 security patch level and includes fixes for 9 vulnerabilities in kernel, Arm, MediaTek, and Qualcomm closed-source components.

While most of these bugs are rated ‘high severity’, two of the issues impacting kernel (tracked as CVE-2023-21264) and Qualcomm (tracked as CVE-2022-40510) components are considered ‘critical severity’.

These vulnerabilities are serious and could be exploited by attackers to gain control of Android devices. It is important to install the August 2023 security updates as soon as possible to protect your devices from these vulnerabilities.

Luckily, the company is not aware of any public announcements or malicious use of the four vulnerabilities (CVE-2023-21273, CVE-2023-21282, CVE-2023-21264, and CVE-2022-40510).

How to Install the August 2023 Security Updates

The August 2023 security updates are available for most Android devices. To install the updates, follow these steps:

  1. On your Android device, open the Settings app.
  2. Tap on “System.”
  3. Tap on “Advanced.”
  4. Tap on “Security.”
  5. Tap on “Security updates.”
  6. If an update is available, tap on “Download and install.”

Once the update is installed, your device will be protected from the vulnerabilities listed above.