TechBitesThe October 2023 security updates for Android address 51 vulnerabilities, including two zero-day flaws that were exploited in attacks. One of the exploited issues, CVE-2023-4863, is a heap buffer overflow in the Libwebp library leading to remote code execution. It was reported by Apple and the Citizen Lab group at The University of Toronto and had been used to deliver spyware to iPhones. The second zero-day flaw, CVE-2023-4211, affects the Arm Mali GPU driver and allows improper GPU memory processing operations. Google has not provided specific information on these attacks, but past instances have shown these vulnerabilities being used in exploit chains to deliver commercial spyware.