Google has rolled out regular monthly security patches for Android to deal with a variety of flaws, including a zero-day bug that it said could have been exploited in the wild.
Tracked as CVE-2023-35674, the substantial-severity vulnerability is described as a circumstance of privilege escalation impacting the Android Framework.
“There are indications that CVE-2023-35674 might be less than minimal, qualified exploitation,” the firm explained in its Android Security Bulletin for September 2023 with out delving into extra particulars.
The update also addresses three other privilege escalation flaws in Framework, with the research large noting that the most serious of these issues “could guide to area escalation of privilege with no added execution privileges necessary” sans any consumer conversation.
Approaching WEBINARWay Far too Susceptible: Uncovering the State of the Identity Attack Area
Realized MFA? PAM? Service account protection? Locate out how well-geared up your corporation definitely is towards id threats
Supercharge Your Expertise
Google explained it has more plugged a critical security vulnerability in the Procedure component that could guide to distant code execution with no demanding interaction on the aspect of the victim.
“The severity evaluation is dependent on the effect that exploiting the vulnerability would probably have on an affected device, assuming the platform and company mitigations are turned off for improvement reasons or if effectively bypassed,” it included.
In whole, Google has preset 14 flaws in the System module and two shortcomings in the MediaProvider element, the latter of which will be sent as a Google Enjoy method update.
Found this report appealing? Abide by us on Twitter and LinkedIn to go through extra unique written content we publish.
Some parts of this article are sourced from:
thehackernews.com