Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Over 75 Vulnerabilities Patched in Android With December 2022 Security Updates

Google this week announced the December 2022 Android updates with patches for over 75 vulnerabilities, including multiple critical remote code execution (RCE) flaws.

The most severe of the RCE bugs is CVE-2022-20411, an issue in Android’s System component that could be exploited over Bluetooth.

Google this week announced the December 2022 Android updates with patches for over 75 vulnerabilities, including multiple critical remote code execution (RCE) flaws.

The most severe of the RCE bugs is CVE-2022-20411, an issue in Android’s System component that could be exploited over Bluetooth.

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth with no additional execution privileges needed,” Google explains in its advisory.

Two other critical-severity RCE flaws (CVE-2022-20472 and CVE-2022-20473) were resolved in the Framework component. Google also patched a critical information disclosure (CVE-2022-20498) in the System component.

All four issues were resolved as part of the 2022-12-01 security patch level, which addresses a total of 41 vulnerabilities in Android Runtime (1), Framework (20), Media framework (1), and System (19).

Most of the addressed security defects are high-severity flaws, with escalation of privilege being the most common type. Information disclosure and denial-of-service (DoS) issues were also resolved.

An additional 35 high-severity vulnerabilities were resolved as part of the 2022-12-05 security patch level, in Kernel, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components.

Devices using a security patch level of 2022-12-05 or newer include patches for all the vulnerabilities above, as well as for those resolved with previous Android security updates.

A total of 151 Pixel-specific vulnerabilities were resolved this month, Google announced. Most of the bugs are medium-severity escalation of privilege issues, with numerous information disclosure bugs addressed as well.

Pixel devices running a security patch level of 2022-12-05 include patches for all vulnerabilities described in the December 2022 Android security bulletin, as well as for the 151 bugs mentioned above.

Google’s December 2022 Android Automotive OS (AAOS) update bulletin describes eight AAOS vulnerabilities that have been resolved alongside the flaws addressed with a security patch level of 2022-12-05 from the December 2022 Android security bulletin.

Related: Google Patches High-Severity Privilege Escalation Vulnerabilities in Android

Related: Android Security Updates Patch Critical Vulnerabilities

Related: Google Patches Critical Vulnerabilities in Pixel Phones

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.