Millions at risk from actively exploited Android zero-day — update right now

Google has patched a number of critical and high-severity flaws in its latest round of monthly security updates, including a zero-day vulnerability that is being actively exploited by hackers.

As reported by The Hacker News, the search giant has rolled out a new set of security updates for the best Android phones which patch several flaws in the Android Framework and its System component.

Of these flaws, the most concerning one is a privilege escalation vulnerability tracked as CVE-2023-35674. According to Google’s Android Security Bulletin for September 2023, there are indications that this vulnerability “may be under limited, targeted exploitation”. However, the company didn’t go into further details about how hackers are actively using the vulnerability in their attacks.  

Still though, you’re going to want to update your Android phone as soon as possible to avoid falling victim to any potential attacks leveraging this flaw.

Critical and high-severity flaws patched

Besides this zero-day, Google’s latest monthly security update also fixes three other privilege escalation flaws in Framework. 

The company explains in September’s Android Security Bulletin that if left unpatched, the most severe vulnerability in Framework “could lead to local escalation of privilege with no additional execution privileges needed”. Likewise, no user interaction is necessary to exploit this vulnerability.

In addition to Framework, Google also patched several critical and high-severity vulnerabilities in Android’s System component. Once again, the most severe vulnerability in System “could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed”.

All told, Google has fixed 7 flaws in Framework, 14 flaws in Android’s System module and two flaws in the operating system’s MediaProvider component which will be sent out to vulnerable Android phones through a Google Play system update.

How to keep your Android phone safe from hackers

Just like with the best laptops, the most important thing you can do to keep your Android phone safe is to install regular updates as soon as they become available. These updates contain bug fixes and other tweaks to prevent hackers from exploiting known vulnerabilities.

If your phone is no longer receiving regular security updates, then you’re going to want to have one of the best Android antivirus apps installed to protect you against threats exploiting these types of vulnerabilities. While Google Play Protect does a great job at stopping malware and malicious apps, it just doesn’t offer the same features that paid Android antivirus apps do. 

At the same time, you’re going to want to avoid sideloading apps and should instead stick to official app stores like the Google Play Store, Amazon Appstore and Samsung Galaxy Store when downloading new apps. However, you should still try to limit the number of apps on your phone because even good apps can go rogue.

Google regularly updates Android with new security features and if you don’t want to miss out on them, you might consider getting a Pixel phone like the Google Pixel 7a or the upcoming Google Pixel 8 as your next smartphone. This way, you’ll be first in line for all of the latest features while also being protected with regular security updates.

Anthony Spadafora
Managing Editor Security and Home Office
