Google has rolled out month-to-month safety patches for Android to deal with plenty of flaws, together with a zero-day bug that it mentioned might have been exploited within the wild.
Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework.
“There are indications that CVE-2023-35674 could also be beneath restricted, focused exploitation,” the corporate mentioned in its Android Security Bulletin for September 2023 with out delving into extra specifics.
The replace additionally addresses three different privilege escalation flaws in Framework, with the search big noting that probably the most extreme of those points “may result in native escalation of privilege with no extra execution privileges wanted” sans any person interplay.
Way Too Vulnerable: Uncovering the State of the Identity Attack Surface
Achieved MFA? PAM? Service account safety? Find out how well-equipped your group really is towards id threats
Google mentioned it has additional plugged a crucial safety vulnerability within the System element that would result in distant code execution with out requiring interplay on the a part of the sufferer.
“The severity evaluation relies on the impact that exploiting the vulnerability might have on an affected system, assuming the platform and repair mitigations are turned off for improvement functions or if efficiently bypassed,” it added.
In complete, Google has fastened 14 flaws within the System module and two shortcomings within the MediaProvider element, the latter of which shall be delivered as a Google Play system replace.