The latest monthly Android security update has addressed a zero-day vulnerability allegedly being abused in the wild.
Android’s latest cumulative update patches, among other things, CVE-2023-35674, described as a “privilege of escalation” that impacts the Android Framework. The scope of the abuse, however, seems to be relatively small.
"There are indications that CVE-2023-35674 may be under limited, targeted exploitation," Google’s Android Security Bulletin for September 2023 reads. No further details were disclosed.
In total, the update fixes six vulnerabilities found in the Android Framework. Besides the above-mentioned one, there are three other privilege of escalation flaws: “The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed,” Google explained. “User interaction is not needed for exploitation.”
Google also said it addressed a critical flaw in the System component, which could allow threat actors to remotely execute code, without needing any input from the victim.
"The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed," it added.
The total amount of flaws fixed in the System module is 14, together with two vulnerabilities in the MediaProvider component.
Google has had its hands full this year, fixing Android flaws abused in the wild. In mid-April, it released a patch in which it addressed three high-severity flaws in the mobile operating system, one of which was being used by hackers. Those holes were tracked as CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181.
The first and second ones are Android System vulnerabilities that allow for remote code execution. The third one - also the one abused in the wild - was a flaw in the Arm Mali GPU kernel driver. Described as a use-after-free vulnerability, it allowed threat actors to escalate privileges on target endpoints via malicious apps.
Via: The Hacker News