Millions at risk from actively exploited Android zero-day — update right now
Latest monthly security updates for Android fix this zero-day and other flaws
Google has patched a number of critical and high-severity flaws in its latest round of monthly security updates, including a zero-day vulnerability that is being actively exploited by hackers.
As reported by The Hacker News, the search giant has rolled out a new set of security updates for the best Android phones which patch several flaws in the Android Framework and its System component.
Of these flaws, the most concerning one is a privilege escalation vulnerability tracked as CVE-2023-35674. According to Google’s Android Security Bulletin for September 2023, there are indications that this vulnerability “may be under limited, targeted exploitation”. However, the company didn’t go into further details about how hackers are actively using the vulnerability in their attacks.
Still though, you’re going to want to update your Android phone as soon as possible to avoid falling victim to any potential attacks leveraging this flaw.
Critical and high-severity flaws patched
Besides this zero-day, Google’s latest monthly security update also fixes three other privilege escalation flaws in Framework.
The company explains in September’s Android Security Bulletin that if left unpatched, the most severe vulnerability in Framework “could lead to local escalation of privilege with no additional execution privileges needed”. Likewise, no user interaction is necessary to exploit this vulnerability.
In addition to Framework, Google also patched several critical and high-severity vulnerabilities in Android’s System component. Once again, the most severe vulnerability in System “could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed”.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
All told, Google has fixed 7 flaws in Framework, 14 flaws in Android’s System module and two flaws in the operating system’s MediaProvider component which will be sent out to vulnerable Android phones through a Google Play system update.
How to keep your Android phone safe from hackers
Just like with the best laptops, the most important thing you can do to keep your Android phone safe is to install regular updates as soon as they become available. These updates contain bug fixes and other tweaks to prevent hackers from exploiting known vulnerabilities.
If your phone is no longer receiving regular security updates, then you’re going to want to have one of the best Android antivirus apps installed to protect you against threats exploiting these types of vulnerabilities. While Google Play Protect does a great job at stopping malware and malicious apps, it just doesn’t offer the same features that paid Android antivirus apps do.
At the same time, you’re going to want to avoid sideloading apps and should instead stick to official app stores like the Google Play Store, Amazon Appstore and Samsung Galaxy Store when downloading new apps. However, you should still try to limit the number of apps on your phone because even good apps can go rogue.
Google regularly updates Android with new security features and if you don’t want to miss out on them, you might consider getting a Pixel phone like the Google Pixel 7a or the upcoming Google Pixel 8 as your next smartphone. This way, you’ll be first in line for all of the latest features while also being protected with regular security updates.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.