The Android security team has been busy bees this month, squashing a zero-day bug that is reportedly being exploited as we speak. This bug, known as CVE-2023-35674, is a “privilege of escalation” problem messing with the Android Framework. Google’s Android Security Bulletin for September 2023 hinted at some “limited, targeted exploitation” of this bug, but they’re not providing any more details. “There are indications that CVE-2023-35674 may be under limited, targeted exploitation.” This latest update puts six bugs in the Android Framework to bed, including our zero-day friend. Three other bugs were also tagged as privilege of escalation problems. Google said the worst of these could potentially let someone crank up their privileges without needing any extra execution privileges. And the cherry on top? No user interaction is needed to exploit these bugs. How to update your Android device If you’ve got a notification, just open it up and hit the update action. Missed your notification or been off the grid? No worries: Head over to your device’s Settings app. Tap on System and then look for System update. You’ll see your update status right there. Just follow any instructions on the screen. Easy peasy. Google also tackled a serious flaw in the System component. This exploit could let the bad guys run code remotely; no input from the victim is needed. Google explained that they rate the severity of these bugs based on the potential impact if they were exploited on a device, assuming that platform and service protections…Android users: update your device – actively exploited bug in the wild
Android users: update your device – actively exploited bug in the wild
The Android security team has been busy bees this month, squashing a zero-day bug that is reportedly being exploited as we speak. This bug, known as CVE-2023-35674, is a “privilege of escalation” problem messing with the Android Framework. Google’s Android Security Bulletin for September 2023 hinted at some “limited, targeted exploitation” of this bug, but they’re not providing any more details. “There are indications that CVE-2023-35674 may be under limited, targeted exploitation.” This latest update puts six bugs in the Android Framework to bed, including our zero-day friend. Three other bugs were also tagged as privilege of escalation problems. Google said the worst of these could potentially let someone crank up their privileges without needing any extra execution privileges. And the cherry on top? No user interaction is needed to exploit these bugs. How to update your Android device If you’ve got a notification, just open it up and hit the update action. Missed your notification or been off the grid? No worries: Head over to your device’s Settings app. Tap on System and then look for System update. You’ll see your update status right there. Just follow any instructions on the screen. Easy peasy. Google also tackled a serious flaw in the System component. This exploit could let the bad guys run code remotely; no input from the victim is needed. Google explained that they rate the severity of these bugs based on the potential impact if they were exploited on a device, assuming that platform and service protections…Android users: update your device – actively exploited bug in the wild