Google Releases Urgent Safety Update for Android
Google has released an urgent safety update for Android that aims to eliminate 33 vulnerabilities. Of particular concern is the zero-day vulnerability known as CVE-2023-35674, which has already been targeted in cyber attacks.
Vulnerabilities Addressed in the Update
- CVE-2023-35674: This high-risk zero-day vulnerability in the Android Framework allows attackers to escalate privileges without user interaction. Google has confirmed that the vulnerability is already being exploited on a limited scale.
- Critical vulnerabilities in the Android System component have also been addressed in the update:
- CVE-2023-35658: This vulnerability can lead to remote code execution (RCE) without additional privileges or user interaction.
- CVE-2023-35673: Similar to CVE-2023-35658, this vulnerability also enables remote code execution without additional privileges or user interaction.
- CVE-2023-35681: A critical vulnerability in closed components of Qualcomm is associated with memory corruption in the built-in WLAN. This flaw could allow remote cybercriminals to execute arbitrary code, access confidential information, or cause system failures.
Google strongly advises all users to update their devices to the latest available version of Android as soon as possible.
As usual, Google has provided two sets of corrections: a basic set (2023-09-01) and an expanded set (2023-09-05). The expanded set includes all the fixes from the basic set, as well as additional corrections for third-party components with closed source
/Reports, release notes, official announcements.