Google Fixes Nearly 100 Android Security Issues

December was a hectic month for updates as firms including Apple and Google rushed to get patches out to fix serious flaws in their products before the holiday break.
Enterprise software giants also issued their fair share of patches, with Atlassian and SAP squashing several critical bugs during December.
Apple iOS. In mid-December, Apple released iOS 17.2, a major point upgrade containing features such as the Journal app, as well as 12 security patches.
Among the flaws fixed in iOS 17.2 is CVE-2023-42890, an issue in the WebKit browser engine that could allow an attacker to execute code.
Another flaw in the iPhone's Kernel, tracked as CVE-2023-4291, could see an app break out of its secure sandbox, Apple wrote on its support page.
The iOS 17.2 update also put a mechanism in place to prevent a Bluetooth attack using a penetration testing device called Flipper Zero, according to tests by ZDNET and 9to5Mac.
Apple also released iOS 16.7.3, Safari 17.2, macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2, tvOS 17.2 and watchOS 10.2.
Just one week after releasing iOS 17.2, Apple issued iOS 17.2.1 and iOS 16.7.4 for older devices, alongside macOS Sonoma 14.2.1.
The surprise iPhone update contains unspecified bug and security fixes, while the macOS patch fixes a single flaw tracked as CVE-2023-42940.
The Google Android December Security Bulletin was a hefty one, fixing nearly 100 security issues.
The update includes patches for two critical issues in the Framework, the most severe of which could lead to remote escalation of privilege with no additional privileges needed.
User interaction is not needed for exploitation, Google said.
CVE-2023-40088 is a critical flaw in the System that could lead to remote code execution, while CVE-2023-40078 is an elevation of privilege bug rated as having a high impact.
Google has also issued an update for its smart device WearOS platform, fixing CVE-2023-40094, an elevation of privilege flaw.
The Pixel Security Bulletin has not been posted at the time of writing.
Google ended a bumper December of updates in style with an emergency fix for its Chrome browser.
The eighth zero-day vulnerability impacting Chrome in 2024, CVE-2023-7024 is a heap buffer overflow issue in the open source WebRTC component.
It wasn't the first fix released by Google in December.
The software giant also issued a Chrome patch mid-month to fix nine security issues.
Of the flaws reported by external researchers, five are rated as having a high severity, including CVE-2023-6702, a type confusion flaw in V8, and four use-after-free bugs.


This Cyber News was published on www.wired.com. Publication date: Sun, 31 Dec 2023 12:58:06 +0000


Cyber News related to Google Fixes Nearly 100 Android Security Issues

Google promises a rescue patch for Android 14's "ransomware" bug - So Android 14 has this pretty horrible storage bug for upgrading users. Bugs are always going to happen, but the big problem with this is that Google has seemingly been ignoring it, and on Friday we wrote about how users have been piling up hundreds ...
11 months ago Arstechnica.com
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
6 months ago Techrepublic.com
What Is Android System WebView and Should You Uninstall It? | Definition from TechTarget - Android developers use WebView when they want to display webpages or Hypertext Markup Language content in a Google app or other application. Android System WebView is a system component for the Android operating system (OS) that enables Android apps ...
1 month ago Techtarget.com
Google Fixes Nearly 100 Android Security Issues - December was a hectic month for updates as firms including Apple and Google rushed to get patches out to fix serious flaws in their products before the holiday break. Enterprise software giants also issued their fair share of patches, with Atlassian ...
10 months ago Wired.com
Android 15, Google Play get new anti-malware and anti-fraud features - Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. Announced at Google I/O 2024, the new features are designed not only to help end users but also ...
5 months ago Bleepingcomputer.com
Versions 14 and 13 of Android are Vulnerable to New Lock Screen Bypass Exploits - Using Android 14 and 13 smartphones, a newly discovered bug allowing the user to bypass the lock screen can compromise sensitive information from Google accounts stored in users' Google accounts, according to security researcher Jose Rodriguez. It ...
10 months ago Cysecurity.news
Falcon Cloud Security Supports Google Cloud Run to Strengthen Serverless Application Security - We're thrilled to share that the CrowdStrike Falcon® sensor now fully supports Google Cloud Run, bringing advanced security capabilities to your serverless applications. While we announced this at Google Cloud Next in April 2024, this blog goes ...
4 months ago Crowdstrike.com
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
9 months ago Cysecurity.news
Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk - Google is disputing a security vendor's report this week about an apparent design weakness in Google Workspace that puts users at risk of data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's ...
11 months ago Darkreading.com
AutoSpill attack steals credentials from Android password managers - Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. In a presentation at the Black Hat Europe security conference, researchers from the International ...
10 months ago Bleepingcomputer.com
The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
10 months ago Securityboulevard.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
1 month ago Helpnetsecurity.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
10 months ago Feeds.dzone.com
Google shares "fix" for deleted Google Drive files - Google says it identified and fixed a bug causing customer files added to Google Drive after April-May 2023 to disappear. The fix isn't working for all affected users. Once recovery is complete, you'll see a new folder on your desktop with the ...
10 months ago Bleepingcomputer.com
Google says spyware vendors behind most zero-days it discovers - Commercial spyware vendors were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group discovered in 2023 and used to spy on devices worldwide. Zero-day vulnerabilities are security flaws the vendors of impacted software do not ...
9 months ago Bleepingcomputer.com
Oracle’s First Security Update for 2023 Includes 327 New Patches - Oracle has released its first security update of 2023, delivering 327 new security fixes and patching a range of critical vulnerabilities. This update covers products spanning across Oracle’s Cloud portfolio, Fusion Middleware, Hyperion, E-Business ...
1 year ago Securityweek.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
11 months ago Microsoft.com
Frustration grows over Google's AI Overviews feature, how to disable - Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. When you're signed into Google and search for general topics like how to install one ...
5 months ago Bleepingcomputer.com
Google paid $10 million in bug bounty rewards last year - Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid ...
7 months ago Bleepingcomputer.com
CyberProof Announces Strategic Partnership With Google Cloud - PRESS RELEASE. ALISO VIEJO, Calif. and BENGALURU, India, May 6, 2024 /PRNewswire/ - CyberProof, a UST company, has announced an extended partnership with Google Cloud focused on leveraging Google Chronicle Security Operations and other Google Cloud ...
5 months ago Darkreading.com
Google: Malware abusing API is standard token theft, not an API issue - Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, BleepingComputer reported on two information-stealing malware ...
10 months ago Bleepingcomputer.com
How to Use Titan Security Keys With Passkey Support - Google's updated Titan Security Keys can serve as a multifactor authenticator and store passkeys to replace passwords. Google announced the availability of Titan Security Keys with passkey support in mid-November 2023; the initial Titan Security Keys ...
10 months ago Techrepublic.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
8 months ago Esecurityplanet.com
Google Fi User Data Breached Through T-Mobile Hack - According to Google Fi's email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile's breach after suspicious activity was noted in a system that contained Google Fi's customer data. Google Fi, Google's ...
1 year ago Hackread.com
IaaS vs PaaS vs SaaS Security: Which Is Most Secure? - Security concerns include data protection, network security, identity and access management, and physical security. While IaaS gives complete control and accountability, PaaS strikes a compromise between control and simplicity, and SaaS provides a ...
10 months ago Esecurityplanet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)