Google December 2023 Android security updates addressed 85 vulnerabilities, including a critical zero-click remote code execution (RCE) flaw tracked as CVE-2023-40088.
The vulnerability resides in Android’s System component, it doesn’t require additional privileges to be triggered. An attacker can exploit the vulnerability to execute arbitrary code on the vulnerable devices without user interaction.
“The most severe vulnerability in this section could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.” reads the security advisory.
The IT giant also addressed the following critical vulnerabilities in the Framework component.
