Compiled by: Code Guard
Google fixed multiple vulnerabilities in this month's Android security update, one of which has been actively exploited. The exploited flaw is tracked as CVE-2023-35674, a privilege escalation vulnerability affecting the Android Framework.
Google mentioned in the Android Security Notice that "there are clues that CVE-2023-35674 may have been exploited in a limited and targeted manner." The update also fixes three other privilege escalation vulnerabilities located in the Framework, one of the most important of which "enables local privilege escalation without requiring additional execution permissions."
Google said it also fixed a critical vulnerability in the System component that could lead to remote code execution without any victim interaction. "The severity assessment is based on the likely impact the exploit would have on affected devices and assumes that platform and service mitigations are turned off to facilitate development or have been successfully bypassed," the company noted.
In this update Google fixed 14 vulnerabilities in the System component, as well as two vulnerabilities in the MediaProvider component; the MediaProvider fixes will be rolled out as part of the Google Play system update.
Original link
https://thehackernews.com/2023/09/zero-day-alert-latest-android-patch.html
This article was compiled by Qi Anxin and does not represent the views of Qi Anxin. Please indicate "Reprinted from Qianxin Code Guard https://codesafe.qianxin.com" when reprinting.