Google announces patch for a critical Android vulnerability, withholds details

published: Dec. 4, 2023

Take action: Don't delay your next Android phone update. It will carry important patches. Depending on the vendor, you might wait some weeks before the update is released for your phone.



Google announced on Monday the detection of a "critical security vulnerability" within an Android OS system component that permits remote code execution without needing extra privileges.

The flaw, tracked as CVE-2023-40088, has no published details, since Google is so far being very tight-lipped. It appears the flaw is capable of covertly downloading and installing malware on Android devices without user knowledge. Exploitation requires physical proximity to the target Android device, with the attack delivered remotely via Wi-Fi, Bluetooth, or NFC. Google has not disclosed how the flaw was discovered, nor confirmed whether it is being exploited by hackers.

Android users should be aware of an upcoming patch that will fix this issue.

This update, labeled as the December 2023 Android update, will be compatible with Android versions 11 to 14. The fix is expected to be released within the next two days through the Android Open Source Project, after which it is up to individual device manufacturers to distribute the update.

Android manufacturers like Samsung and OnePlus commit to monthly security updates, while Google often releases security updates for Pixel phones within two weeks or earlier.
