NOTICE: Update Android Devices ASAP

Friday, October 6, 2023

This notice is intended for U-M IT staff who are responsible for university devices using Android OS, or individuals using Android devices. It is especially important for personal devices used for university business.

Summary

Google has released an important update for Android to remediate a zero-day vulnerability (CVE-2023-4863 and CVE-2023-4211) that is being actively exploited in the wild. We expect additional software vendors will also be releasing updates to fix other applications affected by this vulnerability.

Update Android devices as soon as possible.

Problem

Although there is no confirmation as of yet, an exploit could potentially enable a zero-click attack when a user visits a website containing a malicious image.

Threats

The vulnerability is being actively exploited in the wild.

Affected Versions

Google Android versions prior to the 2023-10-06 security patch update.

Action Items

Due to reports of active exploitation of this vulnerability, the need for immediate action supersedes the remediation timeframes in Vulnerability Management (DS-21).

Update Google Android devices to the latest version as soon as possible. Update any other software impacted by the vulnerability (CVE-2023-4863 and CVE-2023-4211).

Technical Details

How We Protect U-M

ITS Information Assurance (IA) monitors a number of sources for information about new vulnerabilities and threats and provides up-to-date information to the university community.

IA performs regular vulnerability scans of university networks to identify vulnerable devices and request remediation, and provides vulnerability management guidance to the university.

Information for Users

In general, the best protection for your devices is this: keep your software and apps up to date, do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Phishing & Suspicious Email, Secure Your Devices, and Secure Your Internet Connection on the U-M Safe Computing website.

Questions, Concerns, Reports

Please contact ITS Information Assurance through the ITS Service Center.