Connect with us


Android users: update your device – actively exploited bug in the wild

There’a lot of technical jargon being thrown around here but the moral of the story is to update your Android device. Simple as that.

A person holding a phone looking at the android apps.
Image: Unsplash

The Android security team has been busy bees this month, squashing a zero-day bug that is reportedly being exploited as we speak. This bug, known as CVE-2023-35674, is a “privilege of escalation” problem messing with the Android Framework.

Google’s Android Security Bulletin for September 2023 hinted at some “limited, targeted exploitation” of this bug, but they’re not providing any more details. “There are indications that CVE-2023-35674 may be under limited, targeted exploitation.”

This latest update puts six bugs in the Android Framework to bed, including our zero-day friend. Three other bugs were also tagged as privilege of escalation problems.

Google said the worst of these could potentially let someone crank up their privileges without needing any extra execution privileges. And the cherry on top? No user interaction is needed to exploit these bugs.

How to update your Android device

If you’ve got a notification, just open it up and hit the update action. Missed your notification or been off the grid? No worries:

  1. Head over to your device’s Settings app.
  2. Tap on System and then look for System update.
  3. You’ll see your update status right there. Just follow any instructions on the screen. Easy peasy.

Google also tackled a serious flaw in the System component. This exploit could let the bad guys run code remotely; no input from the victim is needed.

Google explained that they rate the severity of these bugs based on the potential impact if they were exploited on a device, assuming that platform and service protections are either turned off for development purposes or successfully bypassed.

The System module had a total of 14 flaws fixed, along with a couple of vulnerabilities in the MediaProvider component.

Android’s security team has been busy

Google’s been on a roll this year, patching up Android bugs that were being exploited in real time. Back in mid-April, they released a patch fixing three high-severity flaws in the mobile OS, one of which was actively being exploited by hackers.

These bugs were tagged as CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181.

  • The first two were Android System bugs that allowed for remote code execution.
  • The third one, the one being exploited in real-time, was a flaw in the Arm Mali GPU kernel driver.

This bug, a use-after-free vulnerability, lets the bad guys crank up privileges on targeted endpoints through malicious apps. Moral of the story here? Just update your device and avoid any chance of your device from getting hacked.

Have any thoughts on this? Drop us a line below in the comments, or carry the discussion to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at or find him on Mastodon or Post.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Deals of the Day

  1. Paramount+: Live Sports Starting at $2.50/mo. for 12 Mos. Sports - Try It Free w/ code: SPORTS
  2. Save $20 on a Microsoft365 subscription at Best Buy with a Best Buy Membership!
  3. Try Apple TV+ for FREE and watch all the Apple Originals
  4. Save $300 on a Segway at Best Buy, now $699

More in Android