• Android has a worrying security flaw, so users need to update now

    From TechnologyDaily@1337:1/100 to All on Thu Sep 7 14:30:03 2023
    Android has a worrying security flaw, so users need to update now

    Date:
    Thu, 07 Sep 2023 14:26:36 +0000

    Description:
    Google fixed an Android security bug that allowed threat actors to escalate privileges on the target device.

    FULL STORY ======================================================================

    The latest monthly Android security update has addressed a zero-day vulnerability allegedly being abused in the wild.

    Androids latest cumulative update patches, among other things,
    CVE-2023-35674, described as a privilege of escalation that impacts the Android Framework. The scope of the abuse, however, seems to be relatively small.

    "There are indications that CVE-2023-35674 may be under limited, targeted exploitation," Googles Android Security Bulletin for September 2023 reads .
    No further details were disclosed. Android Framework

    In total, the update fixes six vulnerabilities found in the Android
    Framework. Besides the above-mentioned one, there are three other privilege
    of escalation flaws: The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed, Google explained. User interaction is not needed for exploitation.

    Google also said it addressed a critical flaw in the System component, which could allow threat actors to remotely execute code, without needing any input from the victim.

    "The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the
    platform and service mitigations are turned off for development purposes or
    if successfully bypassed," it added.

    The total amount of flaws fixed in the System module is 14, together with two vulnerabilities in the MediaProvider component.

    Google has had its hands full this year, fixing Android flaws abused in the wild. In mid-April, it released a patch in which it addressed three high-severity flaws in the mobile operating system, one of which was being used by hackers. Those holes were tracked as CVE-2023-21085, CVE-2023-21096, and CVE-2022-38181.

    The first and second ones are Android System vulnerabilities that allow for remote code execution. The third one - also the one abused in the wild - was
    a flaw in the Arm Mali GPU kernel driver. Described as a use-after-free vulnerability, it allowed threat actors to escalate privileges on target endpoints via malicious apps.

    Via: The Hacker News More security news from TechRadar Pro Here's our list of the best malware removal tools around This stalkerware tracked thousands of Android and iPhones Stalkerware tycoon told to alert victims, pay major fine



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/android-has-a-worrying-security-flaw-so -users-need-to-update-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)