Get in Touch
Please get in touch using the form below.
Google releases security update which addresses Android vulnerability exploited by spyware
Target Industry
Indiscriminate, opportunistic targeting.
Overview
Google has released a security update addressing 56 vulnerabilities, the highlight being that of CVE-2022-22706 (CVSSv3 Score: 7.8). The flaw pertains to the Mail GPU kernel driver and reporting has indicated that it has already been exploited by spyware.
Impact
Successful exploitation of CVE-2022-22706 would allow a threat actor to achieve write access to read-only memory pages, thus leading to the potential compromise and integrity of data.
Affected Products
– Midgard GPU Kernel Driver: All versions from r26p0 – r31p0
– Bifrost GPU Kernel Driver: All versions from r0p0 – r35p0
– Valhall GPU Kernel Driver: All versions from r19p0 – r35p0
Containment, Mitigations & Remediations
It is strongly recommended that Android users apply the relevant security updates as soon as possible. The vulnerability reported on was remediated in the Bifrost and Valhall GPU Kernel Driver r36p0 and in Midgard Kernel Driver r32p0 updates. Samsung also addressed the flaw in its May 2023 update.
It should be noted that devices operating Android 10 or older are no longer supported and will therefore not receive this security update. In such cases users are strongly advised to either switch to a supported Android model or refer to a third-party Android distribution that provides the relevant updates.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
Android occupies a significant portion of the mobile operating system share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Android devices have emerged a prime target. Due to the fact that the Android devices has become an integral aspect of both personal and business operations, threat actors will continue to exploit vulnerabilities contained within these products in an attempt to extract the sensitive data contained therein.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
Mitre Methodologies
Defense Evasion Technique:
– T1222 – File and Directory Permissions Modification
Further Information