Google has released security updates to address critical vulnerabilities (CVE-2023-40077, CVE-2023-40076, CVE-2023-40088, CVE-2023-45866) in Android devices.
The critical vulnerabilities are:
- CVE-2023-40077: A vulnerability in the Android Framework component could allow an unauthenticated remote user to escalate privileges without any user interaction needed for exploitation.
- CVE-2023-40076: A permissions bypass vulnerability in the Android Framework component could allow a user to access credentials from other users, and achieve local escalation of privilege without any user interaction needed for exploitation.
- CVE-2023-40088: A vulnerability in the Android System component could allow an unauthenticated remote user to perform Remote Code Execution (RCE) without any user interaction needed for exploitation.
- CVE-2023-45866: A vulnerability in the Android System component could allow an unauthenticated remote user to escalate privileges without any user interaction needed for exploitation.
The vulnerabilities affect Android versions 10 and before.
Users and administrators of affected product versions are advised to upgrade to the latest version immediately.
More information is available here:
https://source.android.com/docs/security/bulletin/2023-12-01?hl=en