Google fixes exploited Android 0day vulnerability

News 2023-09-10 09:41:12 views: null

bddce9e65b56c07b321e1a72b48c9c5b.gif Focus on source code security and collect the latest information at home and abroad!

Compiled by: Code Guard

Google fixed multiple vulnerabilities in this month's Android security update, one of which has been actively exploited. The vulnerability number is CVE-2023-35674, which is a privilege escalation vulnerability affecting the Android Framework.

502a2e07babd84529fcaf4a3a92312aa.gif

Google mentioned in the Android Security Notice that "there are clues that CVE-2023-35674 may have been exploited in a limited and targeted manner." The update also fixes three other privilege escalation vulnerabilities located in the Framework, one of the most important The vulnerability "enables local privilege escalation without requiring additional execution permissions."

Google said it also fixed a critical vulnerability located in the System component that could achieve remote code execution without any victim interaction. "The severity assessment is based on the likely impact the exploit would have on affected devices and assumes that platform and service mitigations are turned off to facilitate development or have been successfully bypassed," the company noted.

Google has fixed 14 vulnerabilities in the System component this time, and two vulnerabilities in the MediaProvider component, which will be rolled out as part of the Google Play system update.

Code Guard trial address: https://codesafe.qianxin.com

Open source guard trial address: https://oss.qianxin.com

Recommended reading

Google releases 2022 0day in the wild annual review report

Apple employees discovered that Google’s zero-day secrets were not reported in the CTF competition and the $10,000 bounty was obtained by others.

Google launches new security pilot program to ban employees from accessing the internet

Google warns its employees: Don’t use code generated by Bard

Google triples bounty for Chrome sandbox escape exploit chain

Original link

https://thehackernews.com/2023/09/zero-day-alert-latest-android-patch.html

Title image: Pixabay License

This article was compiled by Qi Anxin and does not represent the views of Qi Anxin. Please indicate "Reprinted from Qianxin Code Guard https://codesafe.qianxin.com" when reprinting.

6d0b93eca944c81f862e74a1b86d648c.jpeg

4c250ea4bf5d14528e223c52a89684d3.jpeg

Qi Anxin code guard (codesafe)

The first domestic product line focusing on software development security.

   24e92d0df4970097e26786519274da6d.gif If you think it’s good, just click “Looking” or “Like”~

Guess you like

Origin blog.csdn.net/smellycat000/article/details/132749794
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com