December Android updates fix critical zero-click RCE flaw


Google said today that 85 vulnerabilities, including a severe severity zero-click remote code execution (RCE) flaw, will be fixed in the December 2023 Android security updates.

The zero-click RCE problem, tracked as CVE-2023-40088, was discovered in the System component of Android and may be exploited without the need for elevated privileges.

Threat actors may be able to utilize this security issue to execute arbitrary code without requiring user input, even though the business has not disclosed whether attackers have specifically targeted it in the wild.The most serious of these problems is a fundamental security flaw in the System component that may allow remote (proximal/adjacent) code execution to occur without the requirement for extra execution rights. Exploitation does not need user involvement.

Read More…