Google on Tuesday announced that Android’s September 2023 security updates contain patches for 32 vulnerabilities, including one that has been exploited in attacks.
Tracked as CVE-2023-35674, the zero-day flaw is described as a high-severity elevation of privilege in Android’s Framework component.
According to Google’s advisory, no additional execution privileges or user interaction are required to exploit the bug.
“There are indications that CVE-2023-35674 may be under limited, targeted exploitation,” Google notes, without providing details on the observed attacks.
Google has become aware of several Android zero-days in recent years and many of them have been exploited by commercial spyware vendors.
Five other high-severity vulnerabilities were addressed in Framework, three leading to elevation of privilege and two to information disclosure.
All six issues were resolved as part of Android’s 2023-09-01 security patch level, which also addresses 14 vulnerabilities in the System component.
Of these, three are critical-severity bugs that could lead to remote code execution, while the rest are high-severity flaws, six leading to elevation of privilege, four to information disclosure, and one to denial-of-service (DoS).
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation,” Google notes.
The internet giant also announced that two other issues were resolved in Project Mainline components with updates delivered via Google Play. Targeting vital Android components, these updates are delivered in the background, without forcing a device reboot.
The second part of this month’s security update for Android arrives on devices as the 2023-09-05 security patch level with fixes for 12 other vulnerabilities in Qualcomm components.
The 2023-09-05 security patch level addresses all bugs in this month’s security updates and the issues resolved with previous patch levels.
This month, Google has released no patches for Android Automotive OS. The internet giant has yet to publish a security bulletin describing the fixes released for vulnerabilities in Pixel devices.
Related: 40 Vulnerabilities Patched in Android With August 2023 Security Updates
Related: Android Security Updates Patch 3 Exploited Vulnerabilities
Related: Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
