The Android security updates released in May fixed a vulnerability of extreme severity that was already being exploited as a 0-day to install commercial spyware on compromised devices. The flaw is tracked as CVE-2023-0266.
Details On The Android Exploit
The exploit targets a use-after-free weakness in the Linux kernel's sound subsystem, which can be abused to escalate privileges without any user interaction.
According to a March report by Google's Threat Analysis Group (TAG), it was one component of a complex exploit chain that combined several n-days and 0-days, and that chain was in turn part of a spyware campaign targeting Samsung Android phones.
The attackers would deploy a spyware suite on compromised devices that, according to Google TAG, could decrypt and extract data from browser and chat apps. A related exploit chain included another 0-day, CVE-2022-4262, in the Chrome web browser, together with a Chrome sandbox escape and vulnerabilities in the Linux kernel and the Mali GPU kernel driver.
Google TAG linked the attacks to Variston, a Spanish mercenary spyware vendor best known for its Heliconia exploit framework, which targets the Windows platform. The monthly Android security bulletin noted that CVE-2023-0266 may be under limited, targeted exploitation.
The day after the TAG report was published, CISA added the vulnerability to its Known Exploited Vulnerabilities catalog and directed Federal Civilian Executive Branch (FCEB) agencies to secure every vulnerable Android device against attacks targeting this bug.
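The practical question for an administrator reading the bulletin and the CISA entry is whether a given device has actually received the fix. The script below is an added example, not code from the article, Google, or CISA: it reads the device's security patch level over adb and compares it with the bulletin level that carries the kernel fix. The property name `ro.build.version.security_patch` is real; the value of `REQUIRED_LEVEL` (2023-05-05) is an assumption that should be confirmed against the May bulletin, since each monthly bulletin publishes more than one patch level.

```shell
# Added example, not from the article: a defender-side check that an Android
# device's security patch level is at or beyond the bulletin level that
# carries the fix for the kernel bug discussed above.
# Assumption: REQUIRED_LEVEL is the May 2023 patch level that includes the
# kernel fix; confirm it against the Android security bulletin before use.
REQUIRED_LEVEL="2023-05-05"

# Convert a YYYY-MM-DD patch level to a plain integer (YYYYMMDD) so the
# comparison is numeric and works in any POSIX shell.
level_to_int() {
    printf '%s' "$1" | tr -d '-'
}

# patch_level_ok HAVE NEED
#   returns 0 if HAVE is at or after NEED (fix present),
#           1 if the device is behind (still vulnerable),
#           2 if HAVE is not a well-formed patch level (e.g. empty property).
patch_level_ok() {
    have="$1"
    need="$2"
    case "$have" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    [ "$(level_to_int "$have")" -ge "$(level_to_int "$need")" ]
}

# Read the patch level from an attached device via adb. The tr strips the
# carriage return that adb shell emits on some hosts.
device_patch_level() {
    adb shell getprop ro.build.version.security_patch | tr -d '\r'
}

# check_device [NEED]: fetch the level from the attached device and report.
# Exit status mirrors patch_level_ok so it can drive fleet scripts.
check_device() {
    need="${1:-$REQUIRED_LEVEL}"
    have="$(device_patch_level)"
    if patch_level_ok "$have" "$need"; then rc=0; else rc=$?; fi
    case "$rc" in
        0) echo "OK: patch level $have >= $need" ;;
        1) echo "VULNERABLE: patch level $have is before $need" ;;
        *) echo "UNKNOWN: could not read a valid patch level ('$have')" ;;
    esac
    return "$rc"
}
```

With a device attached and authorized for adb, `check_device` (or `check_device 2023-05-01` to test against a different level) prints one line and exits 0, 1 or 2, which makes it easy to loop over `adb devices -l` output for a fleet. A return of 2 is worth treating as a finding in its own right, because an empty or malformed patch-level property usually means a custom or very old build whose patch status cannot be trusted.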