On 4 December 2023, Google addressed 85 vulnerabilities affecting Android, which included a critical zero-click remote code execution vulnerability (CVE-2023-40088).
As of the reporting time, there is no official CVSS score in the United States National Vulnerability Database (NVD). However, based on the assessment provided in the Android Security Bulletin issued on 4 December 2023, the vulnerability appears to be critical, given its potential for remote exploitation without any user interaction.
There are currently no reports of exploitation in the wild. Nevertheless, the threat landscape concerning this vulnerability is fluid and may evolve rapidly, particularly because many vendors are still in the process of testing patches, and fixes have not been universally implemented.