CVE-2023-35674

Name of the Vulnerable Software and Affected Versions Android versions prior to the September 2023 security updates

Description The issue is related to a logic error in the code of WindowState.java, specifically in the onCreate method, which can lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation. This flaw is being actively exploited in the wild, and it is estimated that a significant number of devices may be affected. The vulnerability allows an attacker to escalate privileges.

Recommendations To resolve the issue, update your Android device to the latest version that includes the September 2023 security updates. As a temporary workaround, consider restricting access to sensitive features and data on your device until the update is applied.