September 18, 2023

ASPL 2023-09-01 / CVE-2023-35674

Platform(s) Affected: Android
Entry Type: Threat Guidances
Threat Type: Vulnerability

Lookout Coverage and Recommendation for Admins

With 4 critical vulnerabilities, including an actively exploited one, the September 2023 ASPLs should be installed on any Android device as soon as they are available. The two patch levels listed are 2023-09-01 and 2023-09-05. Set the compliance policies in the Lookout admin console to a minimum security patch level of 2023-09-01 to alert end users that they are at risk. This will also give them steps to update and resolve the issue.

We highly recommend setting devices to automatically update to the latest Android Security Patch Levels (ASPLs), as this minimizes the time gap between when a vulnerability becomes known and when the device is patched against it. Most vulnerabilities are exploited in this period of lag time, which varies based on the manufacturer of your Android device since each manufacturer must test and push the patch independently of the original release.

Overview

An Android framework privilege escalation vulnerability, tracked as CVE-2023-35674, was recently discovered being exploited in the wild, and has since been fixed by the 2023-09-01 Android security patch level (ASPL) released by Google. The vulnerability is known to affect Android 11, 12, 12L and 13, and several manufacturers (Samsung, OnePlus) have already released the updated patch. Users with older devices should consider upgrading their devices or restricting corporate access on these older devices. Per NIST, the vulnerability has a score of 7.8 and is also listed in CISA’s known exploited vulnerabilities catalog with a due date of October 4th, 2023, by which all government organizations must either fix the devices or phase them out.

Lookout Analysis

CVE-2023-35674 is a zero-day threat that allows attackers to escalate their privileges without needing any user interaction or any additional execution privileges. The September Android security update fixes three additional critical vulnerabilities within the Android System component. These are:

  • CVE-2023-35658: use-after-free weakness in the gatt_cl.cc component
  • CVE-2023-35673: out-of-bounds write due to integer overflow in the gatt_cl component
  • CVE-2023-35681: out-of-bounds write due to integer overflow in the eatt_impl component

Since a successful exploit of these vulnerabilities could enable remote code execution without needing additional privileges, organizations should consider them highly severe and critical to update.
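For admins who want to spot-check devices outside the console, the following added example (not Lookout's code) parses `adb shell getprop` output and classifies each device against the 2023-09-01 minimum patch level and the affected releases listed in the Overview. The device names, sample dumps and verdict labels are constructed, and treating anything below Android 11 (API level 30) as an "older device" is an assumption.

```python
import re
from datetime import date

MIN_ASPL = date(2023, 9, 1)        # minimum patch level named in the guidance
AFFECTED_SDKS = {30, 31, 32, 33}   # API levels of Android 11, 12, 12L, 13
PROP_RE = re.compile(r"^\[([^\]]+)\]:\s*\[([^\]]*)\]$")

def parse_getprop(dump):
    """Parse `[key]: [value]` lines as printed by `adb shell getprop`."""
    props = {}
    for line in dump.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def assess(dump):
    """Classify one device against the 2023-09-01 minimum patch level."""
    props = parse_getprop(dump)
    try:
        patch = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
        sdk = int(props.get("ro.build.version.sdk", ""))
    except ValueError:
        return "unknown"               # missing or malformed: review manually
    if patch >= MIN_ASPL:
        return "compliant"
    if sdk < min(AFFECTED_SDKS):
        return "restrict-or-upgrade"   # assumption: older than Android 11
    return "at-risk" if sdk in AFFECTED_SDKS else "below-minimum"

def audit(fleet):
    """Map each device name to its verdict."""
    return {name: assess(dump) for name, dump in fleet.items()}

# Constructed sample dumps; device names are hypothetical.
SAMPLE_FLEET = {
    "phone-a": "[ro.build.version.sdk]: [33]\n[ro.build.version.security_patch]: [2023-09-05]",
    "tablet-b": "[ro.build.version.sdk]: [31]\n[ro.build.version.security_patch]: [2023-08-01]",
    "phone-c": "[ro.build.version.sdk]: [29]\n[ro.build.version.security_patch]: [2022-02-01]",
    "phone-d": "[ro.build.version.sdk]: [33]\n[ro.build.version.security_patch]: []",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_FLEET).items():
        print(f"{name}: {verdict}")
```

Devices reported as "unknown" returned no usable patch level and should be checked by hand rather than assumed compliant.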

