Google has rolled out month-to-month security patches for Android to tackle a range of flaws, including a zero-day bug that it said may have been exploited in the wild.
Tracked as CVE-2023-35674, the superior-severity vulnerability is described as a situation of privilege escalation impacting the Android Framework.
“There are indications that CVE-2023-35674 might be below restricted, targeted exploitation,” the firm explained in its Android Security Bulletin for September 2023 without the need of delving into supplemental specifics.
The update also addresses 3 other privilege escalation flaws in Framework, with the search big noting that the most intense of these issues “could lead to community escalation of privilege with no supplemental execution privileges essential” sans any consumer conversation.
Upcoming WEBINARWay Far too Susceptible: Uncovering the Point out of the Identity Attack Floor
Obtained MFA? PAM? Assistance account protection? Uncover out how effectively-geared up your corporation genuinely is versus id threats
Supercharge Your Expertise
Google claimed it has further plugged a critical security vulnerability in the Technique element that could lead to distant code execution without the need of demanding conversation on the portion of the target.
“The severity evaluation is primarily based on the influence that exploiting the vulnerability would quite possibly have on an impacted machine, assuming the platform and services mitigations are turned off for improvement purposes or if successfully bypassed,” it added.
In total, Google has preset 14 flaws in the Method module and two shortcomings in the MediaProvider element, the latter of which will be shipped as a Google Engage in method update.
Found this article fascinating? Adhere to us on Twitter and LinkedIn to browse extra unique written content we article.
Some pieces of this short article are sourced from: