Jump to content
  • Android December 2022 security updates fix 81 vulnerabilities

    alf9872000

    • 639 views
    • 2 minutes
     Share


    • 639 views
    • 2 minutes

    Google has released the December 2022 security update for Android, fixing four critical-severity vulnerabilities, including a remote code execution flaw exploitable via Bluetooth.

     

    This month’s update addresses 45 vulnerabilities in core Android components with patch level 2022-12-01, and another 36 vulnerabilities impacting third-party components addressed in patch level 2022-12-05.

     

    “The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth with no additional execution privileges needed,” mentions the security bulletin.

     

    The four critical-severity vulnerabilities addressed in this month’s update are:

    • CVE-2022-20472 – Remote code execution flaw in Android Framework, impacting Android versions 10 to 13.
    • CVE-2022-20473 – Remote code execution flaw in Android Framework, impacting Android versions 10 to 13.
    • CVE-2022-20411 – Remote code execution flaw in Android System, impacting Android versions 10 to 13.
    • CVE-2022-20498 – Information disclosure flaw in Android System, impacting Android versions 10 to 13.

     

    The rest of the fixed vulnerabilities involve elevation of privileges (EoP), remote code execution, information disclosure, and denial of service problems.

     

    The high-severity EoP flaws are typically exploited by malware sneaking into a device via a low-privilege pathway, such as installing malicious software masquerading as an innocuous app.

     

    That said, applying the available update as soon as it becomes available for your device is crucial, even if none of the flaws are currently reported as actively exploited.

     

    If your device no longer receives monthly Android security updates or uses Android 9 or older, you are officially out of support.

     

    In these cases, you are advised to upgrade to a newer device or install a custom ROM based on a later Android version, like LineageOS.

     

    Owners of Google Pixel devices have also received an important security update this month, which addresses a total of 16 critical-severity flaws in various components.

     

    These critical vulnerabilities enable attackers to elevate privileges or information disclosure on the target devices.

     

    More details on the Pixel December 2022 update can be found on the dedicated security bulletin for Google’s own smartphone range.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...