Android
Vulnerability
Threat Guidances
October 5, 2023

CVE-2023-5217

Vectorized man holding a phone with android icon on display.

Coverage and Recommendation for Lookout Admins

Lookout strongly suggests all mobile device users turn on the app auto-update capability on their respective devices. Lookout admins should proactively enable the vulnerability protection policy in the Lookout console and configure it with the appropriate remediation actions that align with their organization’s response workflows. Lookout will detect on the following out-of-date app versions for Firefox as of October 5th and Chrome as of October 12th. 

  • Chrome for Android (com.android.chrome) versions lower than 117.0.5938.140 will be detected as Chrome-CVE-2023-5217 
  • Firefox for Android (org.mozilla.firefox) versions lower than 118.1.0 will be detected as Firefox-CVE-2023-5217 
  • Firefox Focus for Android (org.mozilla.focus) versions lower than 118.1.0 will be detected as FirefoxFocus-CVE-2023-5217

Overview

There has recently been a vulnerability disclosed in libvpx, which is a video codec library from Google and the Alliance for Open Media. The vulnerability, which is tracked as CVE-2023-5217, affects multiple browsers that use libvpx including Chrome, Firefox, and Firefox Focus for Android. Since the vulnerability is most likely to be exploited remotely using web-hosted content, it was given a CVSS score of 8.8/10. 

Since this vulnerability is being actively exploited in the wild and could enable remote code execution, CISA has made it a requirement for government organizations to patch it by October 23rd, 2023. The patched versions of the affected apps are available on Google Play.

Lookout Analysis

This vulnerability is a heap buffer overflow in the vp8 encoding in libvpx and could allow a remote attacker to exploit heap corruption via a maliciously-crafted HTML page. The most likely way for an attacker to exploit this vulnerability would be to send their target a link to a malcrafted webpage in hopes that the target still has a vulnerable version of Chrome or Firefox on their device. 

It’s common for attackers to try to take advantage of the window between when a vulnerability is disclosed and when apps are updated, as anyone who does not have automatic app updates turned on could be exploitable for days or even weeks. A successful exploit may grant a threat actor access to the vulnerable browser’s capabilities without needing to root the device. In the case of Chrome, for example, this includes access to contacts, the device’s microphone, on-device identity, the camera, media files, and more.

Authors

No items found.
Platform(s) Affected
Android
Threat Type
Vulnerability
Entry Type
Threat Guidances
Platform(s) Affected
Android
Vulnerability
Threat Guidances

Related Content

BancaMarStealer

A customizable Malware-as-a-Service banking trojan delivered through any app with messaging capabilities.

Read Threat Article

Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy

Researchers at the Lookout Threat Lab have discovered a new Android surveillance tied to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA).

Read Threat Article

Multiyear Surveillance Campaigns Discovered Targeting Uyghurs

The Lookout Threat Intelligence team has discovered four Android surveillanceware tools used as part of a much larger mAPT (mobile advanced persistent threat).

Read Threat Article
A woman using her phone and laptop on a train ride.

Lookout Mobile Endpoint Security

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Advanced mobile Endpoint Detection & Response powered by data from 185M+ apps and 200M+ devices on iOS, Android, ChromeOS.

Try Lookout for Free Today
Schedule Demo
HeaderHeaderHeaderHeader
CellCellCellCell
CellCellCellCell
CellCellCellCell
CellCellCellCell