{"uuid": "e09634ff-15b2-4054-838c-8015896c3a81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35673", "type": "seen", "source": "https://t.me/malwaresupport/40", "content": "Android fixes 0-day vulnerability exploited by hackers\n\nSeptember updates for Android fixed 33 vulnerabilities in Google's operating system, including a zero-day issue that is currently being exploited by attackers.\n\nThe 0-day vulnerability is identified as CVE-2023-35674 and is a flaw in the Android Framework that allows attackers to escalate privileges. Exploiting the bug does not require user interaction or any additional privileges.\n\nThe company\u00a0says that the vulnerability has already been subject to \u201climited, targeted exploitation,\u201d but details about these attacks are not yet known.\n\nThree other privilege escalation issues have also been fixed as part of the Android Framework. The most severe of these \"can result in local escalation of privilege and do not require additional privileges to execute\" or any user interaction.\n\nAdditionally, the September updates fix three critical flaws in the Android System component (CVE-2023-35658, CVE-2023-35673, CVE-2023-35681) and one in closed-source Qualcomm components (CVE-2023-28581).\n\nVulnerabilities in the Android System can lead to remote code execution (RCE) and also do not require additional privileges or user interaction.\n\nIn turn, a bug in Qualcomm components is described as a violation of the integrity of information in the WLAN firmware memory. This vulnerability could allow remote attackers to execute arbitrary code, read sensitive information, or cause system crashes.\n\nAs usual, Google has divided the fixes into two levels: \u00a02023-09-01 and 2023-09-05. Level 2023-09-05 contains all the security fixes from the first set, as well as additional fixes for closed source and third-party kernel components that may not be relevant to all Android devices.\n\nThis month's updates cover versions of Android 11, 12, and 13, and may also affect older, unsupported versions of the OS.\n\nProject: @Redscriptandroidbotnet\n\nPrivate: @vpn809", "creation_timestamp": "2023-09-24T15:30:19.000000Z"}