Lookout Coverage and Recommendation for Admins
With 4 critical vulnerabilities, including an actively exploited one, the September 2023 ASPLs should be installed as soon as it’s available for any Android device. The two patches listed are: 2023-09-01 and 2023-09-05. Please set the compliance policies in the Lookout admin console for minimum security patch level of 2023-09-01 to alert end users that they are at risk. This will also provide them steps on how to update and resolve the issue.
We highly recommend to set the devices to automatically update to the latest Android Security Patch Levels (ASPLs) as this minimizes the time gap between when a vulnerability becomes known and when the device is patched against it. Most vulnerabilities are exploited in this period of lag time, which varies based on the manufacturer of your Android device since each manufacturer must test and push the patch independently of the original release.
An Android framework privilege escalation vulnerability, tracked as CVE-2023-35674, was recently discovered being exploited in the wild, and has since been fixed by the 2023-09-01 Android security patch level (ASPL) released by Google. Several manufacturers (Samsung, One Plus) have already released the updated patch, which is known to affect Android 11, 12, 12L and 13. Users with older devices should consider upgrading their devices or restricting corporate access on these older devices. Per NIST, the vulnerability has a score of 7.8 and is also listed in CISA’s known exploited vulnerabilities catalog with a due date of October 4th, 2023, by which all government organizations must either fix the devices or phase them out.
CVE-2023-35674 is a zero-day threat that allows the attackers to escalate their privileges without needing any user interaction or any additional execution privileges. The September Android security update fixes three additional critical vulnerabilities within the Android System component. These are:
- CVE-2023-35658: use after free weakness in gatt_cl.cc component
- CVE-2023-35673: out-of-bounds write due to integer overflow in gatt_cl component
- CVE-2023-35681: out-of-bounds write due to integer overflow in eatt_impl component
Since a successful exploit of these vulnerabilities could enable remote code execution behavior without needing additional privileges, organizations should consider them highly severe and critical to update.