A new security flaw affecting several versions of Android was recently detected by Google. The giant has already developed a fix, but you will still have to wait before you can take advantage of it.

A new security flaw affecting several versions of Android was

A new security flaw affecting several versions of Android was recently detected by Google. The giant has already developed a fix, but you will still have to wait before you can take advantage of it.

We can’t say it enough: be vigilant with your devices connected to the Internet. Despite the efforts made by IT giants in cybersecurity, the vast majority of devices available on the market – if not all – are prey to hacks. Recently, Google has also spotted a new flaw. In his last Android Security Bulletin, published this Monday, December 4, 2023, the company indicated that a critical security vulnerability had been detected on certain Android devices. A major problem which particularly affects Android versions 11, 12, 13 but also Android 14. You must therefore be vigilant if you use one of these versions.

Android security flaw: Google already has the fix

This security flaw, which has been associated with the reference CVE-2023-4008, is all the more worrying as it does not require any action on the part of the user. “[C’est] a critical security vulnerability in the system component that could lead to remote code execution without additional execution privileges needed. User interaction is not required for operation”, Google wrote in its latest security bulletin. More concretely, malware could execute without you having clicked on any link or button. To protect you, Google has nevertheless provided a patch on the Android Open Source Project (AOSP). However, you cannot take advantage of this update immediately. In fact, you have to wait for phone manufacturers to deploy this fix in a future update of your device to take advantage of it.

In addition to this security flaw, Google also listed no less than eighty-five vulnerabilities in its latest report. Among them, we find three other critical vulnerabilities which have already been fixed: CVE-2023-40077, CVE-2023-40076 and CVE-2023-45866. While the first two involve privilege escalation, the third can be used by hackers to leak information. Unfortunately, the deployment of patches on Android Smartphones is still a real problem. Some devices are expected to remain vulnerable for several weeks or even months if manufacturers delay deploying security patches.

ccn5