Android and 33 reasons to worry: 0day is already in the hands of hackers

Users need an urgent software update to protect themselves from targeted attacks.

Google has released an urgent security update for Android that fixes 33 vulnerabilities. Of particular note is the zero-day vulnerability CVE-2023-35674, which is already being used in targeted attacks in the wild.

The fixed vulnerabilities include the following:
  • CVE-2023-35674: a high-severity zero-day vulnerability in the Android Framework that allows an attacker to elevate privileges without any user interaction. Google has confirmed that the bug is already being exploited on a limited scale.
  • CVE-2023-35658, CVE-2023-35673, CVE-2023-35681: critical vulnerabilities in the Android System component that can lead to Remote Code Execution (RCE) without additional privileges or user interaction.
  • CVE-2023-28581: a critical vulnerability in Qualcomm's proprietary components related to memory corruption in the WLAN firmware. The flaw could allow a remote attacker to execute arbitrary code, read sensitive information, or cause system crashes.

Google strongly recommends that all users update their devices to the latest available version of Android as soon as possible.

As usual, Google offered two sets of fixes: a basic one (2023-09-01) and an extended one (2023-09-05). The extended set includes all the fixes from the basic one, plus additional fixes for third-party closed-source components and kernel components that may not apply to all Android devices. Device vendors can optionally deploy the basic patch set first to speed up the update process.

The September security updates target Android versions 11, 12, and 13. Users of older versions (Android 10 and below) should consider upgrading to a supported version or using third-party firmware based on a current version of AOSP.
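
To check where a device stands against the two patch sets and the supported versions described above, the following added example (not part of the original post and not Google's code) classifies a device from its Android release and security patch level. The function names, status words and inventory rows are constructed for illustration; the two getprop properties in the comments are the standard Android build properties.

```shell
#!/bin/sh
# Added example. On a real device the two inputs come from:
#   adb shell getprop ro.build.version.release
#   adb shell getprop ro.build.version.security_patch

BASIC=20230901     # 2023-09-01: basic set of fixes
EXTENDED=20230905  # 2023-09-05: basic set plus closed-source and kernel fixes

# classify_device RELEASE PATCH_LEVEL -> prints one status word
classify_device() {
    release=${1%%.*}            # major version only, e.g. "8.1" -> "8"
    patch=$2
    case $release in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    # Android 10 and below are outside the versions this update targets.
    if [ "$release" -lt 11 ]; then echo unsupported; return 0; fi
    level=$(printf '%s' "$patch" | tr -d '-')   # 2023-09-01 -> 20230901
    if [ "$level" -lt "$BASIC" ]; then
        echo unpatched          # lacks the September fixes, incl. CVE-2023-35674
    elif [ "$level" -lt "$EXTENDED" ]; then
        echo basic-only         # closed-source and kernel fixes not included
    else
        echo extended
    fi
}

# Constructed inventory: serial, Android release, security patch level.
audit_inventory() {
    while read -r serial release patch; do
        [ -n "$serial" ] || continue
        printf '%s\t%s\n' "$serial" "$(classify_device "$release" "$patch")"
    done <<'EOF'
DEV-A 13 2023-09-05
DEV-B 13 2023-09-01
DEV-C 12 2023-08-05
DEV-D 10 2023-09-01
DEV-E 11 unknown
EOF
}

audit_inventory
```

A device reported as basic-only has the framework and system fixes but should still be followed up with the vendor for the 2023-09-05 level.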