Google has urged Android users to update to the latest security patch that it has recently rolled out in a bid to keep them safe from a critical zero-day vulnerability. Due to Android's open-source nature and massive availability, Android smartphones tend to be the go-to gadgets for hackers and cybercriminals to target. And when Google suffers from a bug, these so-called zero-day vulnerabilities can open windows that cybercriminals look to take advantage of. In fact, these zero-day vulnerabilities make up a significant portion of these cyberattacks. According to a SEQRITE report, almost 30 percent of malware attacks nowadays are zero-day exploits.
For the unaware, zero-day flaws are vulnerabilities that are yet to be discovered by the manufacturer or vendor but, these may have been exploited by cybercriminals and threat actors. Google has issued an advisory for Android users urging them to update their Android smartphones to the latest security patch to fix critical zero-day vulnerabilities in their handsets.
According to a report by HackerNews, Google, in its Android Security Bulletin for September 2023, revealed that a critical vulnerability CVE-2023-35674 has been discovered in the Android Framework and system components. While Google did not reveal how this flaw is being exploited, it stated, “There are indications that CVE-2023-35674 may be under limited, targeted exploitation.”
Apart from this vulnerability, September's security patch also fixes other privilege escalation flaws in the Android Framework. Google says the most high-severity vulnerability in the Android Framework could “lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.”
On
Read more on tech.hindustantimes.com