CVE-2023-35674
- Reference to the description:
- Description:
- In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- Last updated date:
- 09/30/2024
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 09/05/2023
- Reference url to background
https://source.android.com/docs/security/bulletin/2023-09-01
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 09/06/2023
- Reference url to background
https://thehackernews.com/2023/09/zero-day-alert-latest-android-patch.html
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 09/13/2023
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog