NOTICE: Update Android Devices ASAP
Friday, October 6, 2023
This notice is intended for U-M IT staff who are responsible for university devices using Android OS, or individuals using Android devices. It is especially important for personal devices used for university business.
Google has released an important update for Android to remediate a zero-day vulnerability (CVE-2023-4863 and CVE-2023-4211) that is being actively exploited in the wild. We expect additional software vendors will also be releasing updates to fix other applications affected by this vulnerability.
Update Android devices as soon as possible.
Although there is no confirmation as of yet, an exploit could potentially enable a zero-click attack when visiting a website containing a malicious image.
The vulnerability is being actively exploited in the wild.
Google Android versions prior to the 2023-10-06 security patch update.
Due to reports of active exploitation of this vulnerability, the need for immediate action supersedes the remediation timeframes in Vulnerability Management (DS-21).
How We Protect U-M
ITS Information Assurance (IA) monitors a number of sources for information about new vulnerabilities and threats and provides up-to-date information to the university community.
Information for Users
In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Phishing & Suspicious Email, Secure Your Devices, and Secure Your Internet Connection on the U-M Safe Computing website.
Questions, Concerns, Reports
Please contact ITS Information Assurance through the ITS Service Center.