Android has a worrying security flaw, so users need to update now
Google fixed an Android security bug that was abused in the wild
The latest monthly Android security update has addressed a zero-day vulnerability allegedly being abused in the wild.
Android’s latest cumulative update patches, among other things, CVE-2023-35674, described as a privilege escalation flaw that impacts the Android Framework. The scope of the abuse, however, seems to be relatively small.
"There are indications that CVE-2023-35674 may be under limited, targeted exploitation," Google’s Android Security Bulletin for September 2023 reads. No further details were disclosed.
Android Framework
In total, the update fixes six vulnerabilities found in the Android Framework. Besides the above-mentioned one, there are three other privilege escalation flaws: “The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed,” Google explained. “User interaction is not needed for exploitation.”
Google also said it addressed a critical flaw in the System component, which could allow threat actors to remotely execute code, without needing any input from the victim.
"The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed," it added.
In total, 14 flaws were fixed in the System module, along with two vulnerabilities in the MediaProvider component.
Google has had its hands full this year, fixing Android flaws abused in the wild. In mid-April, it released a patch in which it addressed three high-severity flaws in the mobile operating system, one of which was being used by hackers. Those holes were tracked as CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181.
The first and second ones are Android System vulnerabilities that allow for remote code execution. The third one - also the one abused in the wild - was a flaw in the Arm Mali GPU kernel driver. Described as a use-after-free vulnerability, it allowed threat actors to escalate privileges on target endpoints via malicious apps.
Via: The Hacker News
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.