Preface: Android security bulletin published on 7th Aug 2023, CVE-2023-21287 may causes remote code execution.
Officials did not disclose specific details. But what is the design weaknesses?
Background: The Android security update is available for all Android versions that still receive regular updates (Android 11, 12, and 13). If you are using Android 10 or below, On March 2023, Android 10 end of life, so it do not provides security update anymore.
FreeType is a freely available software library to render fonts.
It is written in C, designed to be small, efficient, highly customizable, and portable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats.
Some products that use FreeType for rendering fonts on screen or on paper, either exclusively or partially:
- GNU/Linux and other free Unix operating system derivates like FreeBSD or NetBSD;
- Platforms for smart devices, including Android, Tizen, and Roku;
- iOS, Apple’s mobile operating system for iPhones and iPads;
Vulnerability details: A vulnerability in Framework that could allow for remote code execution.
Official announcement: For detail, please refer to the link – https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6