Android’s September Security Update Patches Zero-Day Threat

8 months ago

The September 2023 Android security updates have been released, focusing on addressing a total of 33 vulnerabilities. According to BleepingComputer, these updates also address a high-severity zero-day bug.

The zero-day vulnerability, identified as CVE-2023-35674, is found in the Android Framework and is currently being actively exploited.

This flaw allows attackers to escalate privileges without requiring user interaction or additional execution privileges. Google has acknowledged that there are signs of limited, targeted exploitation of this vulnerability.

Google issued an advisory stating, “Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform.”

“We encourage all users to update to the latest version of Android where possible,” the advisory continued.

In addition to this zero-day bug, the September Android security updates also address three critical security flaws in the Android System component, along with one in Qualcomm closed-source components.

These critical System vulnerabilities (CVE-2023-35658, CVE-2023-35673, CVE-2023-35681) can lead to remote code execution (RCE) without needing additional execution privileges or user interaction.

The fourth critical bug (CVE-2023-28581), as described by Qualcomm, is a WLAN Firmware memory corruption issue.

It has the potential to allow remote attackers to execute arbitrary code, access sensitive information, or trigger system crashes in low-complexity attacks that don’t require privileges or user interaction.

Google has issued two sets of patches for September 2023: the 2023-09-01 and 2023-09-05 security patch levels. The latter includes all the security fixes from the initial set, along with additional patches for third-party closed-source and Kernel components.

It’s important to note that, except for Google Pixel devices, other vendors may take some time to push these updates to their devices.

The September Android security updates only support Android versions 11, 12, and 13, potentially impacting older, unsupported OS versions.

P.S. Help support us and independent media here: Buy us a beer, Buy us a coffee, or use our Amazon link to shop.

Other articles in the category: News

Apple Ramps Up Talks with OpenAI for iPhone Features: Report

Apple has revived discussions with OpenAI to potentially incorporate the its generative AI technology into upcoming iPhone features this year, claims sources speaking to Bloomberg’s Mark Gurman. These talks focus on adding OpenAI's technology into iOS 18, which we will see previewed at WWDC in June. Sources indicated that the discussions are in early stages....

John Quintet

6 hours ago

Google Launches AI Essentials Course; Free Version for Teachers

Google has introduced a new course called AI Essentials, aimed at breaking down how to use artificial intelligence for professionals across various industries. Upon completion of the course, you’ll get a certificate that you can add to your resumé. Taught by AI experts actively working at Google, this course offers practical, hands-on training in using...

John Quintet

19 hours ago

Apple Deepens China Ties Amid Global Supply Chain Shifts

Apple is strategically aligning itself with China while simultaneously expanding its manufacturing footprint in Southeast Asia and India.

Usman Qureshi

22 hours ago