Google fixes 52 security issues in the May 2023 security updates for Android

Martin Brinkmann
May 2, 2023
Google Android
|
8

Google has just released the May 2023 security bulletin for its Android operating system. It addresses 52 different security issues in Android and components.  The company publishes the security bulletin on the first Monday of each month. Manufacturers of Android devices may then integrate these security updates into their products.

Google's own Pixel devices are usually the first, or among the first, to receive these security updates. Third-party manufacturers, such as Samsung, Motorola or Xiaomi will release updates for their devices as well in the coming days and weeks.

Google explains that  a high security vulnerability in the Framework component is the most severe issue in May 2023. It could lead to local escalation of privilege with "no additional execution privileges needed".

Patches are divided into two groups. The first lists security issues in Android and Google Play, the second vulnerabilities in Android Kernel and hardware-specific components, e.g., components from ARM or Qualcomm.

Here is the overview:

  • Framework Vulnerabilities: 10 vulnerabilities. Maximum severity level is high. The most severe vulnerability could lead to local escalation of privilege and does not require user interaction for exploitation.
  • System Vulnerabilities: 6 vulnerabilities. Maximum severity level is high. The most severe vulnerability could lead to local escalation of privilege without requiring user interaction.
  • Google Play system update: 2 vulnerabilities in the Permission Controller.
  • Kernel vulnerabilities: 2 vulnerabilities. Maximum severity is high. Most severe vulnerability could lead to local escalation of privilege and does not require user interaction.
  • Kernel components: 1 vulnerability. Maximum severity is moderate. Same danger as Kernel vulnerabilities.
  • Kernel LTS vulnerabilities: 5 vulnerabilities.
  • ARM components: 5 vulnerabilities. The maximum severity of the vulnerabilities is high.
  • Imagination Technologies: 1 vulnerability. The maximum severity of the vulnerability is high.
  • MediaTek components vulnerabilities: 7 vulnerabilities. The maximum severity of the vulnerability is high.
  • Unisoc components vulnerabilities. 5 vulnerabilities. The maximum severity of the vulnerability is high.
  • Qualcomm components vulnerabilities. 2 vulnerabilities. The maximum severity of the vulnerability is high.
  • Qualcomm closed-source components vulnerabilities: 6 vulnerabilities. The maximum severity of the vulnerability is high.

Google Pixel device owners may want to run a manual check for updates in the Settings. The update should be found during a manual check for updates and installed on these devices.  It may take a could of days or even longer before devices by other manufacturers receive the update as well.

Now You: when do you install the Android security updates?

Summary
Google releases May 2023 security updates for Android
Article Name
Google releases May 2023 security updates for Android
Description
Google has just released the May 2023 security bulletin for its Android operating system.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. daniel_security_is_theatre said on May 2, 2023 at 9:15 pm
    Reply

    Why didn’t Daniel McKay find and fix all of these earlier since he thinks he knows better than 200 google security devs with a combined IQ of 5.34 trillion

  2. J said on May 2, 2023 at 12:27 pm
    Reply

    Bit of a rant but usefully on-subject. Consumer product security including Windows could be much better with some changes to design philosophy:

    Locked source: in the days of 3.11 when local user ini file mods were a IT nightmare on one of the biggest networks in its day, I locked a refined windows copy onto a CD which was quite a good emergency solution for remote offices with work-station BSOD. Manufacturers should make their products as good as they can and then lock them from any kind of hack alteration.

    Sub periscope style internet usage: Cyrix has a lot to answer for, plus that 6 mainframes quote from IBM! Consumers should either have dumb terminals with always-on broadcasting and remote processing or they should use today’s enormous processing power with local number-crunching and quick data-bursts that today’s rapidly increasing quantity of online trouble-makers would find much harder to exploit not both usage types on all products, it’s just silly. Today as one simple example you should manually enter airplane mode after you have your daily hit of news reading material on your screen, reducing your risk exposure by about 95%, try and argue that lower risk profile.

    Sales: Everyone wants to buy a finished product ready to use and yet, what we have today is just marketing (Windows 10 was supposed to be the last time the world spends 30 billion man hours making changes for not much benefit) plus, it was a half-baked product when it first got distributed and may only get polished into an end product if enough customers buy into it, it’s so wrong and it needs governments who are always being screwed on IT to say enough is enough!

    Android actually needs shared high-street shops for the long-term major brands, the next design iteration should have removable roms so if you want an upgrade you go to a OS shop that serves all the supported brands and you either a swap-out handset to fix a physical issue perhaps for a price, or get your new OS on a chip swap-out or you trade-in for a newer handset in a manner that bypasses s/h resale which is full of hassle and dangers and probably part of the security problem if you are unlucky.

    The tech industry could do with some oversight to give it basic collective direction and I share this because globally, productivity is falling despite the drivers being in place to improve it, with security issues being a valid concern especially in this article when the bugs are all serious hi-jack level.

  3. John G. said on May 2, 2023 at 12:08 pm
    Reply

    I tested yesterday the Brave browser for long hours, browsing for my favorite websites and I was quite surprised about its high quality and features, better than Edge ans so far away better than Chrome. I can’t understand why Brave has so low market numbers. Here at my classroom I am the only one that have Edge and Firefox as main browsers, mostly all of my classmates use only Chrome, and I meant only Chrome for nearly everything. Few friends also use Safari because they have MacOS. In the mobile phones all of us are using Chrome, furthermore I still haven’t found one people that use other than Chrome in Android. What does this mean? Easy, Chrome is Chrome, for bad or good it’s everywhere you look at, really, everywhere. When I share my laptop everyone ask me where is the Chrome link at desktop, LOL.

    1. Jek they/them Porkins said on May 3, 2023 at 11:25 am
      Reply

      I think it’s because Brave’s default homepage looks like a 2000’s myspace page. Lots of scammy looking crypto being promoted. Compare that to Chrome’s cleaner and less cluttered default home page and that’s scares the “normies” away.

    2. Nameless said on May 2, 2023 at 11:58 pm
      Reply

      because there is no point to use another browser. Almost all browsers are the same. They get you to browse the WWW and they all do a darn good job….most People use the most popular browser and that’s it…there is no need for another browser. I have tried all of them and always come back to Chrome…because of simplicity fast and does the job I need to do without pain.

      1. John G. said on May 3, 2023 at 12:13 am
        Reply

        @Nameless, and Chrome numbers could be more high considering that Edge is inside the OS like a limpet, like IE11 was inside all Windows. The forced use of one inner’s OS browser should be avoided at all cost, however the USA and the EU are so soft with Microsoft…

    3. Anonymous said on May 2, 2023 at 3:17 pm
      Reply

      Convenience, it’s that simple.

  4. Bazook said on May 2, 2023 at 8:38 am
    Reply

    People don’t care, because they don’t know how much gets patched/fixed each month. Android is a very leaking boat to put it mildly, yet there are ridiculous amounts of phones/tablets in use with very old patches. You really should prioritize the patching policy and lenght of support when getting a new phone. By researching a bit your options diminish, sure, but the ones left standing are good options. You can skip garbage like Sony, Motorola and Nokia right away, to name just a few.. Nokia went south a few years ago and Lenovo turned Motorola to a joke, they have had a habit of straight out lying about the support their phones will receive for many years now. In the past Motorola were great phones for custom ROMs but not anymore, and Nokia are even worse by not letting one unlock their bootloaders even after their short support has ended. Like I said, garbage. Save your money, and nerves, and buy a real phone instead.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.