Google has rolled out month-to-month safety patches for Android to handle a lot of flaws, together with a zero-day bug that it stated could have been exploited within the wild.
Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework.
“There are indications that CVE-2023-35674 could also be below restricted, focused exploitation,” the corporate stated in its Android Safety Bulletin for September 2023 with out delving into further specifics.
The replace additionally addresses three different privilege escalation flaws in Framework, with the search large noting that essentially the most extreme of those points “might result in native escalation of privilege with no further execution privileges wanted” sans any consumer interplay.
Approach Too Weak: Uncovering the State of the Id Assault Floor
Achieved MFA? PAM? Service account safety? Learn the way well-equipped your group really is towards id threats
Google stated it has additional plugged a vital safety vulnerability within the System part that might result in distant code execution with out requiring interplay on the a part of the sufferer.
“The severity evaluation is predicated on the impact that exploiting the vulnerability might have on an affected system, assuming the platform and repair mitigations are turned off for improvement functions or if efficiently bypassed,” it added.
In complete, Google has mounted 14 flaws within the System module and two shortcomings within the MediaProvider part, the latter of which will likely be delivered as a Google Play system replace.
