Google announced on Tuesday the first Android security updates for 2023, which patch a total of 60 vulnerabilities.
The first part of the update, which arrives on devices as the 2023-01-01 security patch level, addresses 19 security defects in the Framework and System components.
“The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google notes in its advisory.
A total of 11 elevation of privilege bugs were resolved in the Framework component this month, along with three denial-of-service (DoS) issues. Five other elevation of privilege vulnerabilities were addressed in the System component.
The second part of this month’s security update, which arrives on devices as the 2023-01-05 security patch level, addresses 41 vulnerabilities in Kernel and third-party components.
The most important of these vulnerabilities are four critical-severity flaws in Kernel and Kernel components, all leading to remote code execution (RCE). Two high-severity elevation of privilege bugs were also addressed in Kernel and Kernel components.
The 2023-01-05 security patch level also fixes vulnerabilities in Kernel LTS (1 bug), Imagination Technologies components (1), MediaTek components (3), Unisoc components (13), Qualcomm components (2), and Qualcomm closed-source components (15).
A security patch level of 2023-01-05 addresses all issues resolved with this and previous Android security updates.
This month, Google resolved eight additional vulnerabilities in Pixel devices, including three high-severity Pixel flaws and five medium-severity issues in Qualcomm components.
Google also announced patches for eight vulnerabilities as part of the January 2023 security updates for Android Automotive, including three mandatory issues in the Media Framework and Platform Apps components, and five optional bugs in Platform Apps, System UI, and Kernel components.