Android September security updates fix an actively exploited flaw (CVE-2023-35674)

Google has yet again proven its commitment to user security by releasing its monthly security updates for the Android operating system. This fresh batch of updates patches a staggering 34 vulnerabilities, out of which four are critically rated. Even more concerning is the revelation that one of these vulnerabilities might already be under exploitation.

Google’s security bulletin has specifically pointed out the potential risks surrounding CVE-2023-35674, warning users of its possible active and limited exploitation. “There are indications that CVE-2023-35674 may be under limited, targeted exploitation,” reads Google’s bulletin. This flaw could significantly elevate local privileges, all without the need for any user interaction or additional execution privileges. It’s worth noting that this vulnerability affects multiple Android versions, including 11, 12, 12L, and 13.


Google’s innovative approach to this month’s security patch involves a two-level release system:

  • September 1: This update covers patches related to the Android system, framework, and Google Play system updates components.
  • September 5: This subsequent update takes a deep dive into kernel updates, addressing third-party vendor closed-source components.

According to the Android security bulletin, the most severe vulnerability in this update lies within the System component. This flaw could enable remote code execution from proximal or adjacent sources without requiring any user interaction or additional execution privileges.

Of the critical vulnerabilities identified:

Three are remote code execution flaws targeting Android system components, namely: CVE-2023-35673, CVE-2023-35658, and CVE-2023-35681. Remote code execution vulnerabilities pose unique threats. They can inadvertently disclose information, compromise systems at high levels, and in the worst-case scenario, lead to a full device takeover.

The fourth critical vulnerability addressed in the September 5 patch is CVE-2023-28581, rooted in Qualcomm’s closed-source component. This specific flaw is related to memory corruption in WLAN Firmware that happens when GTK Keys in GTK KDE are parsed.

Google is urging all Android users to update their devices to the latest security patch level as soon as possible to protect themselves from these vulnerabilities. You can check the security patch level of your device by going to Settings > System > Advanced > System update.