Zero-Day Alert: Recently Widely Exploited Flaw is Fixed in Latest Android Patch Update
For Android, Google has released monthly security updates to fix a variety of bugs, notably a zero-day vulnerability that the company believes may have already been used in the wild.
The high-severity bug, identified as CVE-2023-35674, is characterized as an instance of privilege escalation affecting the Android Framework.
Without going into more detail, the organization stated in its Android Security Bulletin for September 2023 that “There are signs that CVE-2023-35674 may be below restricted focused exploitation.”
The update also fixes three other privilege escalation bugs in Framework. According to the search engine giant, the worst of these bugs “may result in a local amplification of privilege with no extra execution privileges needed” without user engagement.
Google stated that it has further patched a crucial security hole in the System component that might allow remote code execution without the victim’s participation.
According to the statement, “the platform and service reductions are assumed to be turned off for development reasons or if effectively bypassed,” and “the severity evaluation depends on the impact that leveraging a flaw would potentially have on an impacted device.”
In total, Google has corrected two MediaProvider issues and 14 System module bugs; the latter will be made available as a Google Play system upgrade.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.
Read More Article Here:
Pune man lost funds to fraud after investing online ₹18 lakhs to earn a commission.
To tackle impersonation, X (Twitter) will gather biometric information from its paid customers.