The September 2023 Android security updates have been released, addressing a total of 33 vulnerabilities. According to BleepingComputer, these updates also address a high-severity zero-day bug.

The zero-day vulnerability, identified as CVE-2023-35674, is found in the Android Framework and is being actively exploited.

This flaw allows attackers to escalate privileges without requiring user interaction or additional execution privileges. Google has acknowledged that there are signs of limited, targeted exploitation of this vulnerability.

Google issued an advisory stating, “Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform.”

“We encourage all users to update to the latest version of Android where possible,” the advisory continued.

In addition to this zero-day bug, the September Android security updates also address three critical security flaws in the Android System component, along with one in Qualcomm closed-source components.

These critical System vulnerabilities (CVE-2023-35658, CVE-2023-35673, CVE-2023-35681) can lead to remote code execution (RCE) without needing additional execution privileges or user interaction.

The fourth critical bug (CVE-2023-28581), as described by Qualcomm, is a WLAN Firmware memory corruption issue.

It could allow remote attackers to execute arbitrary code, access sensitive information, or trigger system crashes in low-complexity attacks that don’t require privileges or user interaction.

Google has issued two sets of patches for September 2023: the 2023-09-01 and 2023-09-05 security patch levels. The latter includes all the security fixes from the initial set, along with additional patches for third-party closed-source and Kernel components.

Note that for devices other than Google Pixel, vendors may take some time to push these updates.

The September Android security updates cover only Android versions 11, 12, and 13, although the flaws may also impact older, unsupported OS versions.
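
A fleet check built on the two patch levels and the covered Android versions described above, as an added example that is not from Google's bulletin or the original article. It parses constructed `adb shell getprop` output using the `ro.build.version.release` and `ro.build.version.security_patch` properties; the function names, status labels and device names are assumptions of this example.

```python
import re
from datetime import date

# Patch levels and covered OS versions as stated in the article.
PARTIAL_LEVEL = date(2023, 9, 1)   # first set of fixes
FULL_LEVEL = date(2023, 9, 5)      # adds closed-source and Kernel fixes
COVERED_MAJOR = {11, 12, 13}

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")

def parse_getprop(text):
    """Parse `adb shell getprop` lines of the form `[key]: [value]`."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def classify(props):
    """Return a status label; the labels are this example's own naming."""
    major = props.get("ro.build.version.release", "").split(".")[0]
    if not major.isdecimal() or int(major) not in COVERED_MAJOR:
        return "os-not-covered"
    try:
        level = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        return "unknown-patch-level"  # property missing or malformed
    if level >= FULL_LEVEL:
        return "full-2023-09-05"
    if level >= PARTIAL_LEVEL:
        return "partial-2023-09-01"
    return "missing-september-fixes"

def audit(inventory):
    """Map each device name to its status from captured getprop output."""
    return {name: classify(parse_getprop(out)) for name, out in inventory.items()}

# Constructed sample captures (device names and values are made up).
SAMPLE = {
    "device-a": "[ro.build.version.release]: [13]\n[ro.build.version.security_patch]: [2023-09-05]",
    "device-b": "[ro.build.version.release]: [12]\n[ro.build.version.security_patch]: [2023-09-01]",
    "device-c": "[ro.build.version.release]: [11]\n[ro.build.version.security_patch]: [2023-08-05]",
    "device-d": "[ro.build.version.release]: [10]\n[ro.build.version.security_patch]: [2023-09-05]",
    "device-e": "[ro.build.version.release]: [13]\n[ro.product.model]: [Example]",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
```

Devices reported as `partial-2023-09-01` still lack the additional third-party closed-source and Kernel patches that only the 2023-09-05 level carries.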