.png)
BOOK THIS SPACE FOR AD
ARTICLE AD
Google fixed critical zero-click RCE in Android
Pierluigi Paganini
December 05, 2023
Google fixed a critical zero-click RCE vulnerability (CVE-2023-40088) with the release of the December 2023 Android security updates.
Google December 2023 Android security updates addressed 85 vulnerabilities, including a critical zero-click remote code execution (RCE) flaw tracked as CVE-2023-40088.
The vulnerability resides in Android’s System component, it doesn’t require additional privileges to be triggered. An attacker can exploit the vulnerability to execute arbitrary code on the vulnerable devices without user interaction
“The most severe vulnerability in this section could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.” reads the security advisory.
The IT giant also addressed the following critical vulnerabilities in the Framework component
| CVE-2023-40077 | A-298057702 | EoP | Critical | 11, 12, 12L, 13, 14 |
| CVE-2023-40076 | A-303835719 | ID | Critical | 14 |
in the System component:
| CVE-2023-45866 | A-294854926 | EoP | Critical | 11, 12, 12L, 13, 14 |
and the following one in the Qualcomm closed-source components
| CVE-2022-40507 | A-261468680 * | Critical | Closed-source component |
Android users should promptly address the vulnerabilities once the patch becomes publicly available.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Android)
Bengali (Bangladesh) · 
English (United States) ·