Google Addresses Critical Zero-Click RCE in Android’s December 2023 Security Updates

December 5, 2023

Google has released its December 2023 security updates for Android, which address a total of 85 vulnerabilities. Among these, a critical zero-click remote code execution (RCE) flaw, identified as CVE-2023-40088, stands out due to its severity. This vulnerability is in the System component of Android and requires no additional privileges to exploit.

What makes this flaw particularly alarming is that an attacker can use it to execute arbitrary code on susceptible devices without any user interaction. According to the security advisory, “The most severe vulnerability in this section could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.”

In addition to this critical flaw, Google has also addressed other serious vulnerabilities in the Framework component and one in Qualcomm's closed-source components. These vulnerabilities also pose significant risks and should not be overlooked.

Android users are advised to apply the security patches as soon as they become publicly available. Prompt action is essential to protect devices from potential exploitation of these vulnerabilities.
