Google has recently released monthly security patches for Android, aimed at addressing several vulnerabilities, including a zero-day bug that may have already been exploited in the wild.

Tracked as CVE-2023-35674, this high-severity vulnerability is a privilege escalation issue affecting the Android Framework. Google states in its Android Security Bulletin for September 2023 that there are indications of limited, targeted exploitation of CVE-2023-35674, but it has not provided further details.

The update also resolves three other privilege escalation flaws within the Framework. Google has highlighted that the most severe of these flaws could potentially allow local privilege escalation without requiring any additional execution privileges or user interaction.

Additionally, Google has resolved a critical security vulnerability within the System component. This vulnerability has the potential to enable remote code execution without any interaction from the victim.

Google has assessed the severity of these vulnerabilities based on the impact that exploiting them could have on an affected device, assuming that platform and service mitigations are turned off for development purposes or are successfully bypassed.

In total, Google has addressed 14 flaws in the System module and resolved two shortcomings in the MediaProvider component. The update for the latter will be distributed as a Google Play system update.
