The monthly security patch from Google for the Android operating system includes solutions for 56 vulnerabilities, five of which have a critical severity rating and one of which has been exploited since at least December of last year. A patch for CVE-2022-22706, a high-severity vulnerability in the Mali GPU kernel driver from Arm that Google’s Threat Analysis Group (TAG) suspects may have been used in a spyware campaign against Samsung phones, is integrated into the latest security patch level 2023-06-05.
According to Google’s most recent alert, “there are indications that CVE-2022-22706 may be subject to limited, targeted exploitation.” In a late March alert, CISA also noted the active exploitation of CVE-2022-22706.