Google released Android’s September 2023 security updates containing patches for more than 30 vulnerabilities, including a zero-day flaw under active exploitation.
The zero-day vulnerability (CVE-2023-35674) is an input validation issue in the Framework component, which can be exploited for remote code execution.
Google didn’t share any additional information regarding the attacks targeting the bug, only saying that “there are indications that CVE-2023-35674 may be under limited, targeted exploitation.”
Besides the actively exploited zero-day flaw, the September Android security updates also fix numerous high-risk remote code execution vulnerabilities affecting WLAN Firmware, the Android System component and Qualcomm closed-source components.