CISA recently announced 7 actively exploited vulnerabilities, which the vendors have fixed over time. The first set consists of software vulnerabilities affecting Samsung devices, while the second set affects all Android devices.
Samsung-specific vulnerabilities (also part of CISA guidelines to fix by July 20th, 2023):
Android released two new security patch releases in July covering 3 actively exploited vulnerabilities amongst 46 new software security fixes. The three actively exploited ones are:
All of the vulnerabilities listed above have been found to be actively exploited. While the Samsung fixes were available to devices in the March to October 2021 releases, the two Android security patches released in July 2023 fix 46 software vulnerabilities of varying severity. Aside from the 3 listed above, the fixes also include a few other notable ones, such as CVE-2023-21250, which affects the Android System component and can lead to remote code execution without user interaction or additional execution privileges, making it particularly precarious.
Lookout provides multilayered protection for devices that are exploitable through multiple vectors and could be compromised. To ensure your devices aren’t exposed to the vulnerabilities listed above, make sure their security patch levels are updated. The Samsung fixes were part of 2021 security fixes, and the rest of the exploited vulnerabilities are fixed in Android’s July security patch level. Lookout highly recommends keeping security patch level updates on auto-update. Other manufacturers are following up with their own security fixes, which should be applied to devices as soon as they are available.
Lookout admins should set the default Out of Date SPL policy to a minimum security patch level of July 2023. They can then choose whether to advise or alert the user that the device is out of compliance, or to block access to enterprise resources until the security patch level is updated.
They can also use the escalation feature to automatically update the severity if the device is not updated.
CISA is requiring all government organizations to update Samsung devices to the patched versions by July 20th, 2023. The Android update must be applied by July 28th, 2023.
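The minimum-SPL policy and escalation described above can be expressed as a check over a device inventory. This is an added example, not Lookout's code or API: the alert window, the fail-closed handling of unreadable patch levels, the reading of "July 2023" as `2023-07-01`, and the sample inventory are assumptions.

```python
import re
from datetime import date, timedelta

# Deadline taken from the advisory.
CISA_ANDROID_DEADLINE = date(2023, 7, 28)
# Assumption: "July 2023" is read as the first July patch level string.
MIN_SPL = date(2023, 7, 1)
# Hypothetical escalation window; not a Lookout default.
ALERT_WINDOW = timedelta(days=7)

SPL_RE = re.compile(r"(\d{4})-(\d{2})-(\d{2})")

def parse_spl(value):
    """Parse a patch level string such as '2023-07-05' (the format Android
    reports in ro.build.version.security_patch). Returns None if malformed."""
    m = SPL_RE.fullmatch(value.strip()) if isinstance(value, str) else None
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:          # digits present but not a real date, e.g. month 13
        return None

def evaluate(spl_string, today):
    """Return 'compliant', 'advise', 'alert' or 'block' for one device."""
    spl = parse_spl(spl_string)
    if spl is None:
        return "block"          # fail closed: an unreadable SPL is not trusted
    if spl >= MIN_SPL:
        return "compliant"
    if today <= CISA_ANDROID_DEADLINE:
        return "advise"         # still inside the remediation period
    if today <= CISA_ANDROID_DEADLINE + ALERT_WINDOW:
        return "alert"          # escalated: deadline missed
    return "block"              # escalated again: cut off enterprise access

def triage(inventory, today):
    """Map device id -> action for a {device_id: spl_string} inventory."""
    return {dev: evaluate(spl, today) for dev, spl in inventory.items()}

# Constructed sample inventory (not real devices).
SAMPLE = {"pixel-01": "2023-07-05", "galaxy-02": "2021-10-01",
          "tablet-03": "2023-06-05", "kiosk-04": "unknown"}

if __name__ == "__main__":
    for day in (date(2023, 7, 20), date(2023, 8, 1), date(2023, 8, 10)):
        print(day, triage(SAMPLE, day))
```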