Android
Android users: update your device – actively exploited bug in the wild
There’a lot of technical jargon being thrown around here but the moral of the story is to update your Android device. Simple as that.
The Android security team has been busy bees this month, squashing a zero-day bug that is reportedly being exploited as we speak. This bug, known as CVE-2023-35674, is a “privilege of escalation” problem messing with the Android Framework.
Google’s Android Security Bulletin for September 2023 hinted at some “limited, targeted exploitation” of this bug, but they’re not providing any more details. “There are indications that CVE-2023-35674 may be under limited, targeted exploitation.”
This latest update puts six bugs in the Android Framework to bed, including our zero-day friend. Three other bugs were also tagged as privilege of escalation problems.
Google said the worst of these could potentially let someone crank up their privileges without needing any extra execution privileges. And the cherry on top? No user interaction is needed to exploit these bugs.
How to update your Android device
If you’ve got a notification, just open it up and hit the update action. Missed your notification or been off the grid? No worries:
- Head over to your device’s Settings app.
- Tap on System and then look for System update.
- You’ll see your update status right there. Just follow any instructions on the screen. Easy peasy.
Google also tackled a serious flaw in the System component. This exploit could let the bad guys run code remotely; no input from the victim is needed.
Google explained that they rate the severity of these bugs based on the potential impact if they were exploited on a device, assuming that platform and service protections are either turned off for development purposes or successfully bypassed.
Meet Therabody's All-New TheraFace Mask
TheraFace Mask is a breakthrough FDA-cleared LED skincare mask with added tension-relieving vibration therapy. Clinically proven results include firmer, smoother, healthier-looking skin with a visible reduction in fine lines, wrinkles, and uneven tone in as little as 8 weeks
The System module had a total of 14 flaws fixed, along with a couple of vulnerabilities in the MediaProvider component.
Android’s security team has been busy
Google’s been on a roll this year, patching up Android bugs that were being exploited in real time. Back in mid-April, they released a patch fixing three high-severity flaws in the mobile OS, one of which was actively being exploited by hackers.
These bugs were tagged as CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181.
- The first two were Android System bugs that allowed for remote code execution.
- The third one, the one being exploited in real-time, was a flaw in the Arm Mali GPU kernel driver.
This bug, a use-after-free vulnerability, lets the bad guys crank up privileges on targeted endpoints through malicious apps. Moral of the story here? Just update your device and avoid any chance of your device from getting hacked.
Have any thoughts on this? Drop us a line below in the comments, or carry the discussion to our Twitter or Facebook.
Editors’ Recommendations:
- Fresh OnePlus 12 renders give a better look at upgraded design
- The latest Samsung Galaxy S24 Ultra leak reveals key specs
- Galaxy S24 Ultra could get an improved 200MP camera sensor
- Samsung Galaxy Tab S9 FE series European prices leaked
Follow us on Flipboard, Google News, or Apple News
Buying Guide
The best Steam Deck accessories (2023)
Buying Guide
The best wireless earbuds (2023)
