Google has released its monthly security patches for Android [1] [2] [4] [5] [6], addressing various vulnerabilities [2] [4] [5], including a zero-day bug known as CVE-2023-35674 [4]. This article provides a detailed description of the vulnerabilities and highlights the importance of updating Android devices promptly.

Description

The recent security update from Google addresses multiple vulnerabilities in Android. One of the most significant is a high-severity privilege escalation bug in the Android Framework, tracked as CVE-2023-35674 [2] [3] [4] [5] [6]. There are indications that this bug may have been exploited in the wild, with the exploitation described as limited and targeted [1] [2] [3].

In addition to CVE-2023-35674, the update also resolves three other privilege escalation flaws in the Framework [1] [2] [3] [4] [5]. Among these, one vulnerability is labeled as the most severe, as it allows for local privilege escalation without any user interaction [3].

Furthermore, Google has addressed a critical security vulnerability in the System component [1] [2] [3] [4]. The flaw could lead to remote code execution without any action from the victim [3]. In total, 14 vulnerabilities within the System module have been fixed [3], along with two issues in the MediaProvider component [3].

Conclusion

To protect against potential attacks, it is highly recommended to update your Android phone as soon as possible [6]. The security patches provided by Google address various vulnerabilities, including a zero-day bug and privilege escalation flaws, so promptly updating your device mitigates the risk of exploitation. The updates will be distributed through a Google Play system update [3].

References

[1] https://thehackernews.com/2023/09/zero-day-alert-latest-android-patch.html
[2] https://isp.page/news/zero-day-alert-latest-android-patch-update-includes-fix-for-newly-actively-exploited-flaw-2/
[3] https://firsthackersnews.com/latest-android-patch/
[4] https://vulners.com/thn/THN:449B0BE06EEF6CFEDC62479EBB04C04D
[5] https://cyber.vumetric.com/security-news/2023/09/06/zero-day-alert-latest-android-patch-update-includes-fix-for-newly-actively-exploited-flaw/
[6] https://www.tomsguide.com/news/millions-at-risk-from-actively-exploited-android-zero-day-update-right-now