Android Privilege Escalation Vulnerability added to CISA Known Exploited Catalog - 20230914001¶
Overview¶
CISA has added CVE-2023-35674 to their Known Exploited Vulnerability Catalog.
Android have released a Security Bulletin containing details of security vulnerabilities affecting Android devices. The most severe of these vulnerabilities is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
What is the vulnerability?¶
CVE-2023-35674 - CVSS v3 Base Score: 7.8
What is vulnerable?¶
The vulnerability affects all devices below Security patch levels of 2023-09-05
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of two weeks... (refer Patch Management):