Google patched Android in September 2023 to fix a number of issues, including a zero-day vulnerability that was being actively used against users. Tens of vulnerabilities were addressed by Google’s September 2023 Android security upgrades, which included fixed a zero-day bug identified as CVE-2023-35674 that was being actively used in the wild.
The Framework component contains the high-severity vulnerability CVE-2023-35674, which a threat actor might utilize to elevate privileges without the need for user involvement or extra execution privileges. There are signs that CVE-2023-35674 may be the subject of selective, limited exploitation. reads the Google advisory that was released.