Advisory

Google Android Monthly Update patches actively exploited vulnerability

Take action: If you are using a Google Pixel phone, update the OS when the patch becomes available. For Android phones from other vendors, you will need to check the vendor update stream, which may be slower. In the meantime, avoid sideloading apps from unofficial sources: although far from perfect, the official app stores are still better controlled.


Learn More

Google has issued its monthly security updates for the Android operating system, which fix a range of vulnerabilities, including an actively exploited zero-day flaw.

The flaw is tracked as CVE-2023-3567 and is categorized as a privilege escalation issue affecting the Android Framework. Google's September 2023 Android Security Bulletin states that there are indications that this vulnerability "may be under limited, targeted exploitation." Google did not provide further specifics about the ongoing attacks leveraging this vulnerability.

In addition to addressing this zero-day flaw, Google's latest security update deals with three other privilege escalation vulnerabilities within the Android Framework. Of these, the most severe one could potentially enable local privilege escalation without requiring any additional execution privileges, and no user interaction is needed to exploit it.

Furthermore, Google has patched a critical security vulnerability found in the System component of Android. This flaw could allow remote code execution without any user interaction. The severity assessment of these vulnerabilities takes into account the potential impact on affected devices, assuming that platform and service mitigations are disabled for development purposes or are successfully bypassed.

In total, Google's security update addresses 14 flaws within the System module and two vulnerabilities in the MediaProvider component. These fixes will be distributed to vulnerable Android devices via a Google Play system update.

 
