Google has released its monthly security patches for Android to tackle various vulnerabilities, one of which is a zero-day bug that may have been exploited in real-world scenarios.
Latest Android Patch Update
Designated as CVE-2023-35674, this high-severity vulnerability is characterized as a privilege escalation issue affecting the Android Framework.
The company’s September 2023 Android Security Bulletin hints at limited, targeted exploitation of CVE-2023-35674, without providing further details.
Additionally, the update tackles three other privilege escalation flaws in Framework, one of which could enable local privilege escalation without any user interaction.
Google has reported that it has successfully patched a critical security vulnerability in the System component, mitigating the risk of remote code execution without necessitating any action from the victim.
The severity assessment is determined by considering the potential impact of exploiting the vulnerability on an affected device, assuming that platform and service mitigations are disabled for development purposes or if they are successfully bypassed, according to the statement.
Overall, Google has addressed a total of 14 vulnerabilities within the System module and resolved two issues in the MediaProvider component. The latter fixes will be distributed through a Google Play system update.