Google announced the discovery of a crucial security loophole within the Android operating system. Assigned the identifier CVE-2023-40088, this vulnerability presents a potential risk, enabling attackers to execute code remotely on a device without requiring additional privileges.
Details regarding CVE-2023-40088 have not been fully disclosed by Google. Classified under the System category, it appears to facilitate the remote installation of malware via Wi-Fi, Bluetooth, or NFC, without the device owner’s awareness.
Exploitation and Proximity
While this vulnerability permits remote exploitation, it’s important to note that the attacker would need to be relatively near the target device.
Google hasn’t divulged specifics regarding the discovery or any documented instances of exploitation. However, the company plans to issue security updates promptly, addressing CVE-2023-40088 across various Android versions through the Android Open Source project.
The impending patches for Android 11, 12, 12L, 13, and the latest Android 14 versions will be disseminated to device manufacturers in the upcoming days. Google Pixel phones might receive the fix initially, with other brands following suit, albeit with varying timelines.
In addition to CVE-2023-40088, Google identified several other critical vulnerabilities in the Android Framework and System, leading to privilege escalation and information disclosure, notes NIXsolutions. Consequently, Android users are strongly advised to stay vigilant and promptly install the December security updates to mitigate these severe issues.