Android security UPDATE: fix an exploited zero-day


In its latest security bulletin, Google announces that there is evidence that CVE-2023-35674, whose severity is high, “may be subject to limited and targeted exploitation”. This particular problem is a “zero-day” type vulnerability, which means that it was previously unknown to anyone capable of fixing it and that, until the developers can mitigate the problem, hackers can exploit it.

Before you worry too much, it is worth noting a few points. First of all, a vulnerability marked “High” is not the most serious problem. The “Critical” level is worse than the high level (we’ll get to that in a moment).

Secondly, the privilege escalation that this flaw allows is not unfamiliar territory for Android. I have been covering Android for more than ten years and I have seen similar vulnerabilities in it. The good news is that Google is very good at finding and fixing them. The bad news is that you will have to wait for Google to release the September security update for your Android device to be protected against this vulnerability.

3 vulnerabilities marked as critical

More good news: your Android device will notify you when the update is ready for your smartphone, and all you will have to do is restart the device when prompted. Do so as soon as you see the notification.

If you are not sure which security patch your smartphone has, go to Settings > System > System update, where you will see both the version of Android on your device and the security update that has been applied. On my Pixel 7 Pro, I’m still on the August security update, but I guess the September update should be available any day now.

Regarding the rest of the September security update, there are three vulnerabilities marked as critical, which are as follows (listed by CVE, reference type, severity and Android version):

Remote Code Execution (RCE) vulnerabilities are of particular concern because they allow hackers to execute malicious code without having direct access to your device.

Delays for smartphones other than Pixel

For the month of September, Google has released not one but two sets of patches. Only the second (2023-09-05) addresses all the security issues mentioned in the security bulletin and also includes fixes for third-party proprietary code (for example, a bug found in Qualcomm’s WLAN firmware).
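For anyone looking after several devices, the patch-level check from Settings and the two-level distinction above can be scripted. The following is an added example, not from the original article or from Google: it reads the `ro.build.version.security_patch` property over `adb` and compares it with the two September levels. The first level, `2023-09-01`, comes from the bulletin rather than from the article, and the function and file names are illustrative.

```shell
#!/bin/sh
# Added example (not from the article): classify an Android security patch
# level against the September 2023 bulletin.
FULL_LEVEL="2023-09-05"      # named in the article: covers every fix
PARTIAL_LEVEL="2023-09-01"   # the bulletin's first level; not named in the article

# Convert YYYY-MM-DD to the integer YYYYMMDD; fail on any other shape.
level_to_int() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s' "$1" | sed 's/-//g' ;;
    *) return 1 ;;
  esac
}

# Print full, partial, outdated or unknown for one patch-level string.
classify_patch_level() {
  level=$(printf '%s' "$1" | tr -d '\r')   # older adb builds append a CR
  n=$(level_to_int "$level") || { echo unknown; return 0; }
  if [ "$n" -ge "$(level_to_int "$FULL_LEVEL")" ]; then
    echo full        # all September fixes, including vendor components
  elif [ "$n" -ge "$(level_to_int "$PARTIAL_LEVEL")" ]; then
    echo partial     # first September level only
  else
    echo outdated    # predates the September bulletin
  fi
}

# Print "serial <TAB> level <TAB> verdict" for every device attached over adb.
audit_attached_devices() {
  adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
  while read -r serial; do
    # </dev/null keeps adb from consuming the loop's stdin
    level=$(adb -s "$serial" shell getprop ro.build.version.security_patch \
              </dev/null | tr -d '\r')
    printf '%s\t%s\t%s\n' "$serial" "$level" "$(classify_patch_level "$level")"
  done
}

# Touch real devices only when asked to, e.g. sh patchlevel.sh --adb
# (patchlevel.sh is a hypothetical file name).
if [ "${1:-}" = "--adb" ]; then
  audit_attached_devices
fi
```

A device reporting `partial` has received the first September level but not the vendor-component fixes that only 2023-09-05 includes.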

Bear in mind that if you have an Android smartphone other than a Pixel, the September security patch will arrive on your device a little later. This is because Google sends the patches to the equipment manufacturers, who then have to test them and adapt them to their hardware. Therefore, if you have a Samsung, Huawei, OnePlus, Nothing or other Android smartphone, you will have to wait a little longer before the fix arrives.

Anyway, as soon as you see this update appear on your Android device (regardless of the manufacturer), apply it immediately.
