Security News December Android updates fix critical zero-click RCE flaw


Level 78
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug.

Tracked as CVE-2023-40088, the zero-click RCE bug was found in Android's System component and doesn't require additional privileges to be exploited.

While the company has yet to reveal if attackers have targeted this security flaw in the wild, threat actors could exploit it to gain arbitrary code execution without user interaction.

"The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation," the advisory explains.

"The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed."

An additional 84 security vulnerabilities were patched this month, with three of them (CVE-2023-40077, CVE-2023-40076, and CVE-2023-45866) critical severity privilege escalation and information disclosure bugs in Android Framework and System components.

A fourth critical vulnerability (CVE-2022-40507) was addressed in Qualcomm's closed-source components.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.