Google fixes actively exploited Android zero-day

Google released Android’s September 2023 security updates containing patches for more than 30 vulnerabilities, including a zero-day flaw under active exploitation.

The zero-day vulnerability (CVE-2023-35674) is an input validation issue in the Framework component, which can be exploited for remote code execution.

Google didn’t share any additional information regarding the attacks targeting the bug, only saying that “there are indications that CVE-2023-35674 may be under limited, targeted exploitation.”

Besides the actively exploited zero-day flaw, the September Android security updates also fix numerous high-risk remote code execution vulnerabilities affecting WLAN Firmware, the Android System component and Qualcomm closed-source components.

