Connect with us

Hi, what are you looking for?


Mobile & Wireless

Android Zero-Day Patched With September 2023 Security Updates 

Android’s September 2023 security update resolves a high-severity elevation of privilege vulnerability exploited in malicious attacks.

Android zero-day

Google on Tuesday announced that Android’s September 2023 security updates contain patches for 32 vulnerabilities, including one that has been exploited in attacks.

Tracked as CVE-2023-35674, the zero-day flaw is described as a high-severity elevation of privilege in Android’s Framework component.

According to Google’s advisory, no additional execution privileges or user interaction are required to exploit the bug.

“There are indications that CVE-2023-35674 may be under limited, targeted exploitation,” Google notes, without providing details on the observed attacks.

Google has become aware of several Android zero-days in recent years and many of them have been exploited by commercial spyware vendors

Five other high-severity vulnerabilities were addressed in Framework, three leading to elevation of privilege and two to information disclosure.

All six issues were resolved as part of Android’s 2023-09-01 security patch level, which also addresses 14 vulnerabilities in the System component.

Advertisement. Scroll to continue reading.

Of these, three are critical-severity bugs that could lead to remote code execution, while the rest are high-severity flaws, six leading to elevation of privilege, four to information disclosure, and one to denial-of-service (DoS).

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation,” Google notes.

The internet giant also announced that two other issues were resolved in Project Mainline components with updates delivered via Google Play. Targeting vital Android components, these updates are delivered in the background, without forcing a device reboot.

The second part of this month’s security update for Android arrives on devices as the 2023-09-05 security patch level with fixes for 12 other vulnerabilities in Qualcomm components.

The 2023-09-05 security patch level addresses all bugs in this month’s security updates and the issues resolved with previous patch levels.

This month, Google has released no patches for Android Automotive OS. The internet giant has yet to publish a security bulletin describing the fixes released for vulnerabilities in Pixel devices.

Related: 40 Vulnerabilities Patched in Android With August 2023 Security Updates

Related: Android Security Updates Patch 3 Exploited Vulnerabilities

Related: Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.