Google Issues September Android Security Update to Fix Critical Vulnerabilities

September Android security update

Google is addressing critical security vulnerabilities in its September Android security update. The most notable issue is CVE-2023-35674, a high-severity zero-day vulnerability in the Android Framework. Zero-day vulnerabilities, like this one, are previously unknown and can be exploited by threat actors without user interaction. This specific flaw allows attackers to escalate privileges on Android devices. Google will release the update to address this vulnerability, and Android users will receive notifications when it's available, requiring a simple device restart to apply.

In addition to the zero-day flaw, three critical vulnerabilities in the Android System component are being patched. These vulnerabilities can lead to remote code execution (RCE) without requiring additional execution privileges or user interaction. Google is also addressing a critical security issue in Qualcomm's WLAN Firmware, enabling remote attackers to execute arbitrary code and trigger system crashes without user interaction.

Google has released two sets of patches for September 2023, with the latter including all security fixes from the initial set and additional patches for third-party components. Deployment times may vary among device vendors, but users are encouraged to apply the security updates promptly.

Overall, the September Android security updates encompass 33 vulnerabilities and affect versions 11, 12, and 13, with potential impacts on older unsupported OS versions. Users still on Android 10 or older are advised to consider upgrading to supported versions or using third-party Android ROMs based on recent AOSP versions to enhance their device's security. Keeping devices up to date is crucial to mitigate potential security risks.