Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw

Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild.
Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework.
"There are indications that CVE-2023-35674 may be under limited, targeted exploitation," the company said in its Android Security Bulletin for September 2023 without delving into additional specifics.
The update also addresses three other privilege escalation flaws in Framework, with the search giant noting that the most severe of these issues "could lead to local escalation of privilege with no additional execution privileges needed" sans any user interaction.
Google said it has further plugged a critical security vulnerability in the System component that could lead to remote code execution without requiring interaction on the part of the victim.
In total, Google has fixed 14 flaws in the System module and two shortcomings in the MediaProvider component, the latter of which will be delivered as a Google Play system update.
News URL
https://thehackernews.com/2023/09/zero-day-alert-latest-android-patch.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-11 | CVE-2023-35674 | Unspecified vulnerability in Google Android. In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. | 7.8 |