Don’t Miss This: Android’s September Security Update Unveiled”

Google upgrades Android’s security once every month. Patches for bugs with the highest severity level occasionally appear in those releases.

Google stated in its most recent security bulletin that there is proof that the High severity CVE-2023-35674 vulnerability “may be under limited, targeted exploitation.”

This particular problem is a zero-day vulnerability, which means that no one who could fix it did so earlier. Until developers take steps to mitigate the problem, threat actors can use it to their advantage.

Due to this zero-day vulnerability, malicious parties can increase their rights without user interaction.

security
GETTY

There are a few things to consider before you become really worried.

First, the most serious problem is not one with a vulnerability rating of High. High is better than Critical (more on that later).

The second point is that Android is familiar with privilege escalation.

Since I’ve been writing about Android for well over a decade, I’ve observed how regularly the same vulnerabilities appear and disappear.

The good news is that Google is excellent at identifying them and repairing vulnerabilities.

The bad news is that the vulnerability won’t be fixed for your Android smartphone until Google issues the September security update.

Another bit of good news is that your Android device will let you know when the update is ready for your phone and the only thing you’ll have to do is restart the device when prompted.

You should immediately do so as soon as you see the notification popup.

security
getty

 

If you are unsure as to what security patch your phone has, go to Settings > System > System Update, where you’ll see both the version of Android on your device and the security update that has been applied.

On my Pixel 7 Pro, I’m still on the August security update but I assume the September update should be available any day.

As far as the rest of the September security update, there are three vulnerabilities marked Critical, which are as follows (listed by CVE, Reference Type, Severity, and Android version):

RCE (Remote Code Execution) vulnerabilities are of particular concern because they make it possible for threat actors to execute malicious code without having direct access to your device.

security
GETTY

For September, Google has issued not one but two sets of patches but only the second patch (2023-09-05) addresses all of the security issues found in the security bulletin as well as patches for third-party, proprietary code (such as a bug found in the Qualcomm WLAN firmware).

One thing to keep in mind is that the September security patch will be applied to non-Pixel phones a little bit later.

This is so that OEMs can test and fine-tune the updates for their hardware after Google releases them to them.

Therefore, the fix won’t be available right away if you own a Samsung, Huawei, OnePlus, Nothing, or another Android phone that isn’t made by Google.

In any case, install the update as soon as you see it on your Android smartphone (regardless of the manufacturer).

FAQs

Why is it called zero-day vulnerability?

Zero-day” is a broad term that describes recently discovered security vulnerabilities that hackers can use to attack systems. The term “zero-day” refers to the fact that the vendor or developer has only just learned of the flaw – which means they have “zero days” to fix it.

What is the new zero-day vulnerability 2023?

One of the zero-days (CVE-2023-38180) is a denial-of-service vulnerability in . NET and Visual Studio. The other zero-day (CVE-2023-36884) received a Defense in Depth update to mitigate a flaw under active attack; however, it is not a patch.

What is zero-day attack and zero-day vulnerability?

A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. An exploit that attacks a zero-day vulnerability is called a zero-day exploit.

Was Log4j zero-day security?

Log4j is just a recent zero-day attack example. There have been many in the past. Many more will no doubt happen in the future.

How do hackers find zero-day vulnerability?

Vulnerability scanning can detect some zero-day exploits. Security vendors who offer vulnerability scanning solutions can simulate attacks on software code, conduct code reviews, and attempt to find new vulnerabilities that may have been introduced after a software update.

What is zero-day in cyber crime?

Zero-day exploit refers to a security vulnerability that is unknown to the software vendor or the public, allowing attackers to exploit it before it can be patched. Here are some examples of zero-day exploits: Stuxnet: Stuxnet is a well-known example of a zero-day exploit that was discovered in 2010

security

 

 

Spread the love

Leave a Comment