Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in the wild.

This high-severity vulnerability CVE-2023-35674 resides in the Framework component, a threat actor could exploit the issue to escalate privileges without requiring user interaction or additional execution privileges.

“There are indications that CVE-2023-35674 may be under limited, targeted exploitation.” reads the advisory published by Google.

The company also addressed three critical remote code execution vulnerabilities, tracked as CVE-2023-35658, CVE-2023-35673, CVE-2023-35681, in the System component.