CVE-2023-40088 is a critical Android vulnerability that Google patched with the December Android security update
Today’s security update includes a patch for CVE-2023-40088, one of 85 vulnerabilities patched with today’s update. Listed under the System heading of flaws fixed by the update (there were 16 System vulnerabilities listed), this particular vulnerability is listed as an RCE or Remote code execution, and it could have be used by attackers to place their own code into the system of a target phone without the phone user’s knowledge or permission. It is unknown whether this vulnerability was exploited in the past.
If you’re waiting for the Pixel December Feature Drop to, well, drop, keep checking in with us as it could happen at any time.